Zenarmor with Netflow and nProbe

[Meg]

Hell:  Is it possible to run Zenarmor with Netflow and nProbe on the same network interfaces, or will there be a conflict because. I have been asked why I would want to run nProbe and ntop if I am running Zenarmor, but they each offer something different.

[lilsense]

What is your ultimate goal?

[Meg]

I am using Zenarmor free which I like but was planning on using nProbe for dropping some flows with some rules not available in Zenarmor free version. As I am on a small home system I would like more control without it costing me anymore.

[lilsense]

nProbe is not a Firewall or Zenarmor. nProbe gives you ability to capture the whole frame on the line like a wireshark. I am not quite sure why you believe nProbe can do this. If you'd like to kill a certain flows, then id the source destination and block it in FW rules.

[Meg]

I know that they are not a firwall but can be used to block malware websites, specific protocols and categories. nProbe if used in ips mode can drop flows for protocols, categories risky flows, countries and continents. But I don't think nProbe can be used on the same interface as zenarmor similar to how suricata can't.

[sy]

Hi,

The primary limitation here is the netmap tool. When two applications simultaneously utilize netmap, they cannot operate on the same interface.

[Meg]

Thanks. Thats what I figured. I have zenarmor on the lan interface, so I could run nProbe on the Wan if I wanted to but that would be not of much use.