Feature #2150
closedSupport for attaching Suricata to multiple NFQ's using the default startup script
Description
The Ubuntu package comes with the file "/etc/default/suricata" , where you can set startup options.
Currently it supports that you can define the number of the NFQUEUE Suricata should attached itself to.
An enhancement would be to support multiple queues, maybe something like NFQUEUE=0-3, which would result in Suricata being attached to multiple queues, (-q 0 -q 1 -q 2 -q 3 ) as defined by the variable
Updated by Victor Julien over 7 years ago
I think a better approach would be to define a variable that overrides the scripts way of calling suricata. E.g. CUSTOM="-q 0 -q 1 -q 2" or CUSTOM="-i eth0 -i eth1".
Updated by Peter Manev over 7 years ago
@Mikael - could you please try out the package in - https://launchpad.net/~oisf/+archive/ubuntu/suricata-ids-ips
Feedback is welcome!
Updated by Mikael Keri over 7 years ago
@Peter Pan The new settings were easily applied and works as expected. Thank you! If you need more feedback please let me know.
Updated by Andreas Herz over 7 years ago
- Target version changed from 70 to Packaging/PPA
Updated by Peter Manev over 6 years ago
This is has been updated as per the comments/requests here with a "CUSTOM.." variable in the default file setting in Suricata 4.1beta1 PPA packaging.
Feedback is much appreciated!
Updated by Mikael Keri over 6 years ago
@Peter Pan I have tested and verified the new update using the CUSTOM variable and it works fine, thanks!
Updated by Mikael Keri almost 6 years ago
As 4.1 has this feature included, I think you can go ahead and close this case