I have used both Snort and Suricata inline on my firewall.
With Snort I use ip_queue, and with Suricata I use nf_queue.
Both seem to function in the same manner.
example:
iptables -t raw -I PREROUTING -j QUEUE
or
iptables -t raw -I PREROUTING -j NFQUEUE 1
After that I never see any further traffic in the raw table, even though
there might be many more rules to traverse. The -j never returns.
Instead the traffic magically reappears in the mangle table.
To make this function correctly I add that rule at the end of the table
where I rely on Snort/Suricata to report disposition.
I have tried this in all tables and saw the same results, but the
application is processing the packets...
Either I am missing something very important, or this is an issue, a.k.a. a
bug. Not sure what I need to work on to fix it.
Suggestions?
Marty B.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
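Added illustration (written for this page, not netfilter, Snort or Suricata code): a toy model of PREROUTING traversal that reproduces the behaviour described above. QUEUE/NFQUEUE is a terminating target, and the user-space NF_ACCEPT verdict resumes at the next hook (mangle), never at the next rule of the raw chain, which is why the hand-off belongs at the end of the chain. The handler, packets and rule layouts are constructed; the kernel's drop-when-nothing-is-bound default and the NFQUEUE --queue-bypass fail-open option are real behaviour worth knowing when the IDS process is down.

```python
from typing import Callable, Dict, List, Tuple

NF_DROP, NF_ACCEPT = 0, 1
Rule = Tuple[str, str]                 # (proto match, target); "" matches any
Table = Tuple[str, List[Rule]]         # (table name, rules of its PREROUTING chain)
Handler = Callable[[dict], int]        # user-space program bound to a queue number

def traverse(pkt: dict, tables: List[Table], queues: Dict[int, Handler],
             bypass: bool = False) -> Tuple[int, List[str]]:
    """Walk pkt through the PREROUTING hooks in order; return (verdict, rules hit)."""
    trace: List[str] = []
    for name, rules in tables:
        for idx, (match, target) in enumerate(rules):
            if match and match != pkt["proto"]:
                continue
            trace.append(f"{name}:{idx}:{target}")
            if target == "DROP":
                return NF_DROP, trace
            if target == "ACCEPT":
                break                      # terminating: continue at the next hook
            if target.startswith("NFQUEUE"):
                handler = queues.get(int(target.split()[1]))
                if handler is None:        # nothing bound to this queue number
                    if bypass:             # --queue-bypass: fail open
                        break
                    return NF_DROP, trace  # kernel default: fail closed
                if handler(pkt) == NF_DROP:
                    return NF_DROP, trace
                break                      # NF_ACCEPT resumes at the NEXT HOOK,
                                           # not at the next rule of this chain
            # LOG, MARK, ...: non-terminating, keep walking the chain
    return NF_ACCEPT, trace

def ids_verdict(pkt: dict) -> int:
    """Stand-in for the inline IDS on queue 1 (constructed, not Suricata/Snort)."""
    return NF_DROP if pkt.get("malicious") else NF_ACCEPT

# Poster's layout: NFQUEUE first in raw; the LOG rule after it is never reached.
QUEUE_FIRST: List[Table] = [
    ("raw",    [("", "NFQUEUE 1"), ("", "LOG")]),
    ("mangle", [("", "MARK")]),
]
# Working layout: the IDS hand-off is the last rule of the chain.
QUEUE_LAST: List[Table] = [
    ("raw",    [("", "LOG"), ("", "NFQUEUE 1")]),
    ("mangle", [("", "MARK")]),
]

if __name__ == "__main__":
    pkt = {"proto": "tcp"}                                # constructed sample
    print(traverse(pkt, QUEUE_FIRST, {1: ids_verdict}))  # raw:1:LOG is skipped
    print(traverse(pkt, QUEUE_LAST, {1: ids_verdict}))
    print(traverse(pkt, QUEUE_FIRST, {}))                # IDS down: dropped
```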