Discussion:
[Shorewall-users] Shorewall 4.6 and Suricata integration in Proxmox 4.1
Zenny
2017-02-13 11:39:08 UTC
Hi,

I added a rule for SURICATA as Tom replied in
https://sourceforge.net/p/shorewall/mailman/message/34120611/

NFQUEUE(0) all all tcp http,https

but that appears to stop all network. I am trying to integrate
Shorewall with Suricata as stated at the end of this page
(https://pve.proxmox.com/wiki/Firewall), but once I restart Shorewall,
I could not get in.

Thanks in advance.
--
Cheers,
/z


Tom Eastep
2017-02-15 22:07:37 UTC
Post by Zenny
Hi,
I added a rule for SURICATA as Tom replied in
https://sourceforge.net/p/shorewall/mailman/message/34120611/
NFQUEUE(0) all all tcp http,https
but that appears to stop all network. I am trying to integrate
Shorewall with Suricata as stated at the end of this page
(https://pve.proxmox.com/wiki/Firewall), but once I restart
Shorewall, I could not get in.
Thanks in advance.

The output of 'shorewall dump' collected as described at
http://www.shorewall.net/support.htm#Guidelines would be helpful.

Thanks,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________