On Mon, Sep 30, 2019 at 11:17:30AM +0200, Vieri Di Paola wrote:
> Hi,
>
> My goal is to send a copy of all incoming and outgoing traffic on one
> interface (or several) to an IDS machine/collector.
>
> I'm using the TEE target in iptables to do so.
>
> This is the command I use:
>
> iptables -t mangle -I PREROUTING -i enp5s0.11 -j TEE --gateway 10.215.144.7

That rule says traffic from enp5s0.11. Traffic from the firewall itself would not match that rule.

--
Len Sorensen
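
Added example, not part of the original message or of Shorewall: a shell sketch that builds the rule pair needed to mirror both directions of an interface, using the interface and gateway from the quoted command. The function names `tee_rules` and `mirror_interfaces` and the `APPLY` switch are assumptions of this example; by default it only prints the rules.

```shell
#!/bin/sh
# Added example: copy both directions of an interface to an IDS collector.
# tee_rules, mirror_interfaces and APPLY are names invented for this sketch.

# Print the mangle-table rules for one interface.
#   PREROUTING  -i IFACE : packets arriving on IFACE (the quoted rule).
#   POSTROUTING -o IFACE : packets leaving through IFACE, both forwarded
#                          ones and those generated by the firewall itself,
#                          which the PREROUTING rule never sees.
tee_rules() {
    iface=$1
    gateway=$2
    [ -n "$iface" ] && [ -n "$gateway" ] || return 1
    printf 'iptables -t mangle -I PREROUTING -i %s -j TEE --gateway %s\n' \
        "$iface" "$gateway"
    printf 'iptables -t mangle -I POSTROUTING -o %s -j TEE --gateway %s\n' \
        "$iface" "$gateway"
}

# Build the rules for one or more interfaces.
# Dry run by default; set APPLY=1 (as root) to execute them.
mirror_interfaces() {
    gateway=$1
    shift
    rules=""
    for iface in "$@"; do
        r=$(tee_rules "$iface" "$gateway") || return 1
        rules="${rules}${r}
"
    done
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s' "$rules" | sh -e
    else
        printf '%s' "$rules"
    fi
}

# Values taken from the quoted command.
mirror_interfaces 10.215.144.7 enp5s0.11
```

After applying, the packet counters shown by `iptables -t mangle -L -v -n` indicate whether each direction is actually matching.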