* nfqueue
From: m @ 2010-08-03 17:01 UTC (permalink / raw)
To: netfilter-devel
I have used both Snort and Suricata inline on my firewall.
With Snort I use ip_queue, and with Suricata I use nf_queue.
Both seem to function in the same manner.
example:
iptables -t raw -I PREROUTING -j QUEUE
or
iptables -t raw -I PREROUTING -j NFQUEUE 1
After that I never see any further traffic in the raw table, even though
there might be a lot more rules to traverse. The -j never returns.
Instead the traffic magically reappears in the mangle table.
To make this function correctly I add that rule at the end of the table
where I rely on Snort/Suricata to report disposition.
I have tried this in all tables and saw the same results but the
application is processing the packets...
Either I am missing something very important, or this is an issue, AKA
bug. Not sure what I need to work on to fix it.
Suggestions?
Marty B.
* Re: nfqueue
From: Karl Hiramoto @ 2010-08-03 17:30 UTC (permalink / raw)
To: m; +Cc: netfilter-devel
On 03/08/2010 19:01, m wrote:
> I have used both Snort and Suricata inline on my firewall.
> With Snort I use ip_queue, and with Suricata I use nf_queue.
> Both seem to function in the same manner.
>
> example:
>
> iptables -t raw -I PREROUTING -j QUEUE
>
> or
>
> iptables -t raw -I PREROUTING -j NFQUEUE 1
>
Have you tried in the mangle table?
* Re: nfqueue
From: Jan Engelhardt @ 2010-08-03 17:55 UTC (permalink / raw)
To: m; +Cc: netfilter-devel
On Tuesday 2010-08-03 19:01, m wrote:
> I have used both Snort and Suricata inline on my firewall.
> With Snort I use ip_queue, and with Suricata I use nf_queue.
> Both seem to function in the same manner.
>
> example:
>
> iptables -t raw -I PREROUTING -j QUEUE
>
> or
>
> iptables -t raw -I PREROUTING -j NFQUEUE 1
>
> After that I never see any further traffic in the raw table, even though there
> might be a lot more rules to traverse. The -j never returns.
NFQUEUE is a terminating target.
> Either I am missing something very important, or this is an issue, AKA bug. Not
> sure what I need to work on to fix it.
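Because NFQUEUE (like QUEUE) is a terminating target, a rule inserted at the top of raw PREROUTING with no match conditions shadows every rule behind it in that chain; the packet only reappears at the next hook (mangle) once userspace has returned a verdict. The following check, added here as an example and not taken from the thread, walks iptables-save output and reports rules that can never be reached for that reason; the ruleset text is constructed for the example.

```python
"""Flag iptables rules that are unreachable because an earlier rule in the same
chain jumps unconditionally to a terminating target such as NFQUEUE."""
import re
# Targets that end traversal of the current chain (RETURN hands back to the caller).
TERMINATING = {"ACCEPT", "DROP", "REJECT", "QUEUE", "NFQUEUE", "RETURN",
               "DNAT", "SNAT", "MASQUERADE", "REDIRECT"}

def parse_save(text):
    """Parse iptables-save output into {table: {chain: [rule, ...]}}."""
    tables, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = tables.setdefault(line[1:], {})
        elif line.startswith(":") and table is not None:
            table.setdefault(line[1:].split()[0], [])
        elif line.startswith("-A ") and table is not None:
            chain, _, rest = line[3:].partition(" ")
            table.setdefault(chain, []).append(rest)
    return tables

def target_of(rule):
    """Name of the -j/-g target, or None for a rule without one."""
    m = re.search(r"\s-[jg]\s+(\S+)", " " + rule)
    return m.group(1) if m else None
def is_unconditional(rule):
    """True when the rule carries no match options before its target."""
    return re.split(r"\s-[jg]\s", " " + rule, maxsplit=1)[0].strip() == ""

def find_shadowed(text):
    """Return [(table, chain, terminating_rule, [unreachable rules])]."""
    findings = []
    for table, chains in parse_save(text).items():
        for chain, rules in chains.items():
            for i, rule in enumerate(rules):
                if target_of(rule) in TERMINATING and is_unconditional(rule):
                    if rules[i + 1:]:
                        findings.append((table, chain, rule, rules[i + 1:]))
                    break  # nothing after this rule is ever evaluated
    return findings

# Constructed iptables-save fragment: the NFQUEUE rule shadows the CT rule behind it.
SAMPLE = """\
*raw
:PREROUTING ACCEPT [0:0]
-A PREROUTING -j NFQUEUE --queue-num 1
-A PREROUTING -p tcp --dport 22 -j CT --notrack
COMMIT
"""
```

Running `find_shadowed` over real `iptables-save` output lists, per table and chain, the unconditional terminating rule and the rules behind it that will never be evaluated, which is the symptom described in the first message.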