Conflicts:
suricata/suricata.nm
stream:
memcap: 33554432
checksum_validation: yes
+ inline: yes
reassembly:
memcap: 67108864
depth: 1048576
enabled: no
facility: local5
format: "[%i] <%d> -- "
+ - drop:
+ enabled: yes
+ filename: drop.log
+ append: yes
+
+nfq:
+ mode: repeat
+ repeat_mark: 1
+ repeat_mask: 1
# PF_RING configuration. for use with native PF_RING support
# for more info see http://www.ntop.org/PF_RING.html
name = suricata
version = 1.1
-release = 1
+release = 2
groups = Networking/IDS
url = http://www.openinfosecfoundation.org/
[Service]
Type=forking
ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.conf -q 0 -q 1 -D
-ExecStartPost=/sbin/iptables -I INPUT -j NFQUEUE -–queue-balance 0:1
+ExecStartPost=/sbin/iptables -I INPUT -mark ! --mark 1/1 -j NFQUEUE -–queue-balance 0:1
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/sbin/iptables -D INPUT -j NFQUEUE -–queue-balance 0:1
ExecStopPost=/bin/kill $MAINPID
projects / people / arne_f / ipfire-3.x.git / commitdiff
