Getting error after setting Suricata as a IPS

cb0n3y · February 10, 2022, 11:06am

Hello everyone,

i’m new to suricata and i’m trying to configure suricata as an IPS. On my suricata.log i get the following error:

10/2/2022 -- 11:57:05 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - nfq_unbind_pf() for AF_INET failed

On /etc/sysconfig/suriocata i set this:

OPTIONS="-q0"

I do not undestand why is this happening. Can someone please help with this? Thank you in advance.

Best regards

cb0n3y

suricatalfon · February 10, 2022, 12:40pm

Hi,

Have you configured iptables for NFQUEUE ?

https://suricata.readthedocs.io/en/suricata-6.0.4/setting-up-ipsinline-for-linux.html

cb0n3y · February 14, 2022, 1:33pm

Hello Suricatalfon,

sorry for the late answer and thank you for your response. No, i didn’t configure iptables for NFQUEUE yet. I will give a try and i let you know. Thank you again.

Regards

cb0n3y

Topic		Replies	Views
Suricata iptables and nft errors when all is setting up correctly Help	3	279	December 12, 2023
Suricata does not start in IPS mode Help ips , suricata	1	194	April 17, 2024
Connections dropping out Help	5	1211	October 22, 2020
Suricata config problem IPS Help ips	3	62	November 4, 2024
Nfq_create_queue failed Help ips	5	3782	May 25, 2020

Getting error after setting Suricata as a IPS

Related topics