]> git.ipfire.org Git - people/ms/ipfire-3.x.git/commitdiff
projects / people / ms / ipfire-3.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d4736bb)
suricata: Changed some config options.
authorChristian Schmidt <christian.schmidt@ipfire.org>
Mon, 21 Nov 2011 18:08:55 +0000 (18:08 +0000)
committerChristian Schmidt <christian.schmidt@ipfire.org>
Mon, 21 Nov 2011 18:08:55 +0000 (18:08 +0000)
suricata/suricata.conf patch | blob | blame | history
suricata/suricata.nm patch | blob | blame | history
suricata/systemd/suricata.service patch | blob | blame | history

diff --git a/suricata/suricata.conf b/suricata/suricata.conf
index d1d5a257947270e224c1cdc2ceb753106c9ac780..8c2b1ed7bd0073e5ed01bf633c379aa753fe64df 100644 (file)
--- a/suricata/suricata.conf
+++ b/suricata/suricata.conf
@@ -255,6 +255,7 @@ flow-timeouts:
 stream:
   memcap: 33554432
   checksum_validation: yes
+  inline: yes
   reassembly:
     memcap: 67108864
     depth: 1048576
@@ -295,6 +296,15 @@ logging:
       enabled: no
       facility: local5
       format: "[%i] <%d> -- "
+  - drop:
+      enabled: yes
+      filename: drop.log
+      append: yes
+
+nfq:
+      mode: repeat
+      repeat_mark: 1
+      repeat_mask: 1
 
 # PF_RING configuration. for use with native PF_RING support
 # for more info see http://www.ntop.org/PF_RING.html
diff --git a/suricata/suricata.nm b/suricata/suricata.nm
index e9ac31fecea8153536979dd264a443f82404147e..780c29509c0327883544d79b41c8a59fd61df66d 100644 (file)
--- a/suricata/suricata.nm
+++ b/suricata/suricata.nm
@@ -5,7 +5,7 @@
 
 name      = suricata
 version   = 1.1
-release   = 1
+release   = 2
 
 groups     = Networking/IDS
 url        = http://www.openinfosecfoundation.org/
diff --git a/suricata/systemd/suricata.service b/suricata/systemd/suricata.service
index 4e0b6894169c578350d2ac23440d42e5d37519a2..24cfa98cc4370eedf519d0f6101d92ac492be54f 100644 (file)
--- a/suricata/systemd/suricata.service
+++ b/suricata/systemd/suricata.service
@@ -5,7 +5,7 @@ After=syslog.target network.target
 [Service]
 Type=forking
 ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.conf -q 0 -q 1 -D
-ExecStartPost=/sbin/iptables -I INPUT -j NFQUEUE -–queue-balance 0:1
+ExecStartPost=/sbin/iptables -I INPUT -mark ! --mark 1/1 -j NFQUEUE -–queue-balance 0:1
 ExecReload=/bin/kill -HUP $MAINPID
 ExecStop=/sbin/iptables -D INPUT -j NFQUEUE -–queue-balance 0:1
 ExecStopPost=/bin/kill $MAINPID
Michael's tree of IPFire 3.x.