Hi,
My Suricata version: 7.0.3, Operating system: Oracle Linux on core 5.15, How installed Suricata: yum.
Machine: 8 network cards slaves on br0 with FORWARD call to iptables.
I need to distinguish the all macs to avoid spoofing/hacking (by line) between 8 lines in layer 2.
vision for eth1-eth2:
wan------eth1------queue1------br0_or_v-switch------queue2------eth2------lan2
rules: only_alerts.rules
Concept 1 have problem when:
I have 1 queue per 1 network card per 1 process/pid
-c yaml_n_rules_for_card1.yaml -q 1
-c yaml_n_rules_for_card2.yaml -q 2
IPS queues allows only ping/dhcp_stuff but no others packets for www - question 1 is - Why?
Concept 2 have problem when:
I have all queues of cards in one process/pid
-c default_yaml_n_all_rules.yaml -q 1 -q 2
IPS queue allows all packets by br0, ok… - question 2 is - how to difference my 8 net cards in rules?
regards!