Project

General

Profile

Actions

Support #2742

closed

help with inline IPS

Added by jeremy d about 6 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Affected Versions:
Label:

Description

Hello! I am trying to have suricata be inline and block on 2 interfaces eth0 and eth1. eth0 is my gateway and eth1 is providing DHCP downstream. I have it blocking on the external interface with the following commands, yet it only alerts on inbound going out traffic.

modprobe br_netfilter
ifconfig eth1 192.168.22.1 up
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -t mangle -j NFQUEUE --queue-bypass
echo 1 > /proc/sys/net/ipv4/ip_forward
Actions

Also available in: Atom PDF