From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Mon, 17 Dec 2018 14:04:48 +0000 (+0100)
Subject: suricata: Use "2" as repeat-mark and repeat-mask.
X-Git-Tag: v2.23-core131~117^2~129
X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=f5ad510e3c0f416a1507999f5ad20ab171df9c07

suricata: Use "2" as repeat-mark and repeat-mask.

The previous used "1" was already used to mark source-natted
packets.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 6c1a7de000..94e13f501c 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -117,10 +117,10 @@ logging:
 
 nfq:
    mode: repeat
-   repeat-mark: 1
-   repeat-mask: 1
-   bypass-mark: 1
-   bypass-mask: 1
+   repeat-mark: 2
+   repeat-mask: 2
+#   bypass-mark: 1
+#   bypass-mask: 1
 #  route-queue: 2
 #  batchcount: 20
    fail-open: yes
diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata
index 93c2636f36..99097a8e3a 100644
--- a/src/initscripts/system/suricata
+++ b/src/initscripts/system/suricata
@@ -29,8 +29,8 @@ NFQ_OPTS="--queue-bypass "
 network_zones=( red green blue orange )
 
 # Mark and Mask options.
-MARK="0x1"
-MASK="0x1"
+MARK="0x2"
+MASK="0x2"
 
 # PID file of suricata.
 PID_FILE="/var/run/suricata.pid"