Af-packet with gre

Brad · April 16, 2021, 12:03am

Hello

I have a question maybe i am doing something wrong

Is there someone that tried to protect a backend between 2 servers but instead a inline

Using a gre tunnel ?

With nfqueue is working perfectly but i am limited by nfqueue that is reaching full even after i put max-pending-packet on 65530

I tried the af-packet but is not filtering the packets maybe because i am still using iptables to forward the traffic for gre ?

Andreas_Herz · April 20, 2021, 8:34pm

You should follow this guide if you want to use AF_PACKET inline mode: 13. Setting up IPS/inline for Linux — Suricata 6.0.2 documentation

Brad · April 21, 2021, 2:10am

Hello already tried this but the packets was not dropped the suricata în fast.log it said they was drop but the traffic through gre was still coming and probably that happen because i am forwarding the packets with iptables

Andreas_Herz · April 21, 2021, 8:02pm

Please describe your setup and configuration in more detail, cause you don’t need the iptables forward anymore when you do direct copy from one to the other interface via AF_PACKET.

Topic		Replies	Views
IPtables - NFQUEUE Issues Help	2	423	February 22, 2023
Af-packet vs nfqueue in IPS mode Help	1	683	May 16, 2023
Question about use queue mode accept Help ips , suricata	1	341	September 13, 2023
AF_Packet upload performance problems when running in IPS mode and using a linux bridge interface Help	3	1084	March 11, 2021
Issues with IPS Mode Help ips	4	865	March 1, 2023

Af-packet with gre

Related topics