From: m <martinbarrowcliff@gmail.com>
To: netfilter-devel@vger.kernel.org
Subject: nfqueue
Date: Tue, 03 Aug 2010 13:01:54 -0400
Message-ID: <4C584B82.2090907@gmail.com>

I have used both Snort and Suricata inline on my firewall.
With Snort I use ip_queue, and with Suricata I use nf_queue.
Both seem to function in the same manner.
Example:
    iptables -t raw -I PREROUTING -j QUEUE
or
    iptables -t raw -I PREROUTING -j NFQUEUE --queue-num 1
After that I never see any further traffic in the raw table, even though
there might be a lot more rules to traverse. The -j never returns.
Instead the traffic magically reappears in the mangle table.
To make this function correctly I add that rule at the end of the table
where I rely on Snort/Suricata to report disposition.
I have tried this in all tables and saw the same results but the
application is processing the packets...
Either I am missing something very important, or this is an issue, AKA
bug. Not sure what I need to work on to fix it.
Suggestions?
Marty B.
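
Added example (not part of the original message): a simplified Python model of rule traversal at the PREROUTING hook, showing how rule hit counts differ when the queue rule is inserted first versus appended last in the raw table. It assumes QUEUE/NFQUEUE are terminating targets whose accept verdict hands the packet to the next table on the hook; the rule names and the verdict callback are constructed.

```python
# Simplified model of netfilter traversal at PREROUTING (added example).
# Rule names and the verdict callback are constructed for illustration.
TERMINATING = {"ACCEPT", "DROP", "QUEUE", "NFQUEUE"}
HOOK_ORDER = ["raw", "mangle"]  # order in which tables see the packet


def ruleset(queue_first):
    """Raw table with the IDS queue rule inserted first (-I) or appended (-A)."""
    raw = [("raw-log", "LOG"), ("raw-notrack", "NOTRACK")]
    queue = ("raw-ids", "NFQUEUE")
    raw = [queue] + raw if queue_first else raw + [queue]
    return {"raw": raw, "mangle": [("mangle-mark", "MARK")]}


def traverse(tables, userspace_verdict):
    """Walk one packet through the hook; return (fate, per-rule hit counts)."""
    hits = {name: 0 for t in HOOK_ORDER for name, _ in tables.get(t, [])}
    for table in HOOK_ORDER:
        for name, target in tables.get(table, []):
            hits[name] += 1
            if target not in TERMINATING:
                continue  # LOG, NOTRACK, MARK: fall through to the next rule
            if target in ("QUEUE", "NFQUEUE"):
                verdict = userspace_verdict()  # the IDS/IPS decides
            else:
                verdict = target
            if verdict == "DROP":
                return "dropped", hits
            break  # accepted: this chain is finished, next table takes over
    return "accepted", hits


if __name__ == "__main__":
    for first in (True, False):
        fate, hits = traverse(ruleset(first), lambda: "ACCEPT")
        print("queue rule first" if first else "queue rule last", fate, hits)
```

The hit counts play the role of the per-rule packet counters shown by iptables -L -v.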