mirror of https://github.com/OISF/suricata
cybersecurityidsintrusion-detection-systemintrusion-prevention-systemipsnetwork-monitornetwork-monitoringnsmsecuritysuricatathreat-hunting
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1e600c1054
This patch adds a new mode for NFQ inline mode. The idea is to
simulate a non final NFQUEUE rules.
This permit to do send all needed packets to suricata via a simple
FORWARD rule:
iptables -I FORWARD -m mark ! --mark $MARK/$MASK -j NFQUEUE
And below, we have a standard filtering ruleset.
To do so, suricata issues a NF_REPEAT instead of a NF_ACCEPT verdict and
put a mark ($MARK) with respect to a mask ($MASK) on the handled packet.
NF_REPEAT verdict has for effect to have the packet reinjected at start
of the hook after the verdict. As it has been marked by suricata during
the verdict it will not rematch the initial rules and make his way to
the following classical ruleset.
Mode, mark and mask can be configured via suricata.yaml file with the
following syntax:
nfq:
repeat_mode: (false|true)
mark: $MARK
mask: $MASK
Default is false to preserve backward compatibility.
Signed-off-by: Eric Leblond <eric@regit.org>
|
14 years ago | |
|---|---|---|
| benches | ||
| doc | ||
| libhtp | ||
| m4 | ||
| qa | ||
| src | ||
| .gitignore | ||
| COPYING | ||
| ChangeLog | ||
| LICENSE | ||
| Makefile.am | ||
| Makefile.cvs | ||
| acsite.m4 | ||
| autogen.sh | ||
| classification.config | ||
| configure.in | ||
| depcomp | ||
| doxygen.cfg | ||
| install-sh | ||
| missing | ||
| mkinstalldirs | ||
| reference.config | ||
| suricata.yaml | ||