suricata: Switch to "16" as repeat-mark and repeat-mask.
author: Stefan Schantl <stefan.schantl@ipfire.org>
Mon, 18 Feb 2019 09:01:47 +0000 (10:01 +0100)
committer: Stefan Schantl <stefan.schantl@ipfire.org>
Mon, 18 Feb 2019 09:02:29 +0000 (10:02 +0100)
Marks "1-3" are used for marking source-natted packets on the
interfaces and 4 up to 6 for TOS and QOS. The mark "32" is used by IPsec.

See commit: f5ad510e3c0f416a1507999f5ad20ab171df9c07

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
config/suricata/suricata.yaml
src/initscripts/system/suricata

index 67b9e8a..4fbd32b 100644 (file)
@@ -117,8 +117,8 @@ logging:
 
 nfq:
    mode: repeat
-   repeat-mark: 2
-   repeat-mask: 2
+   repeat-mark: 16
+   repeat-mask: 16
 #   bypass-mark: 1
 #   bypass-mask: 1
 #  route-queue: 2
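Review bot: The new `repeat-mark: 16` / `repeat-mask: 16` lines carry no comment saying why 16 was chosen; the reasoning (1-3 for source NAT, 4 up to 6 for TOS and QOS, 32 for IPsec) is only in the commit message. A short comment above these two keys naming the marks already in use would keep a later edit from colliding with them. The value here is decimal 16 (0x10), so it also needs to stay in step with the MARK and MASK values in src/initscripts/system/suricata.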
index 458aed4..d2c7586 100644 (file)
@@ -29,8 +29,8 @@ NFQ_OPTS="--queue-bypass "
 network_zones=( red green blue orange )
 
 # Mark and Mask options.
-MARK="0x2"
-MASK="0x2"
+MARK="0x16"
+MASK="0x16"
 
 # PID file of suricata.
 PID_FILE="/var/run/suricata.pid"
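Review bot: `MARK="0x16"` and `MASK="0x16"` are hexadecimal, which is decimal 22 (bits 0x10, 0x04 and 0x02), not the 16 that this same commit sets for repeat-mark and repeat-mask in config/suricata/suricata.yaml. If these variables are passed to the firewall rules as written, a packet that Suricata marks with 16 will not satisfy a 0x16/0x16 match, and the mask still covers the 0x2 bit this change is moving away from. Suggest `MARK="0x10"` and `MASK="0x10"` (or plain 16 in both places) so the two files agree.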