- Version - 6.0.10
- Installed via apt
- Debian Linux Distro
- Flow Diagram - WAN -> Suricata -> Traefik + Crowdsec
I am trying to set up Suricata in “Inline” mode so it can analyse the packets prior to my reverse proxy receiving the packets.
I added the following rule into my iptables but it seems like it just doesn't let the request through.
sudo iptables -I FORWARD -p tcp --dport 443 -j NFQUEUE --queue-num 0
and I have tried
sudo iptables -I INPUT -j NFQUEUE --queue-num 0
Any help would be appreciated.
Edit:
As a test I added the following rules into my local.rules to see if it is dropping traffic.
# Block all TCP traffic on port 443
drop tcp any any -> any 443 (msg:"Blocking all HTTPS TCP traffic"; sid:100001; rev:1;)
# Block all UDP traffic on port 443 (for HTTP/3)
drop udp any any -> any 443 (msg:"Blocking all HTTPS UDP traffic (HTTP/3)"; sid:100002; rev:1;)
suricata.yaml (73.0 KB)