Suricata: Multi Tenancy (VLAN)/ Latency Question

Started by maweber, December 12, 2018, 09:22:29 PM

December 12, 2018, 09:22:29 PM Last Edit: December 14, 2018, 07:53:49 AM by maweber
Hi all

Edit: Sorry, this belongs in the other (Suricata) forum, but it seems I cannot delete this.

I read in this doc
https://suricata.readthedocs.io/en/suricata-4.0.1/configuration/multi-tenant.html

that it's possible to distinguish configs by VLAN IDs using multi-detect.

My questions here:

  • Are the default bare-metal interfaces in "netmap" the ones that the VLAN tenants are based on?
  • If I want filters on VLAN-1, but empty rules on VLAN-2: will there be inspection and latency on VLAN-2? (I ask because I had lags with OpenVPN going through Suricata. A pass rule didn't help. Only disabling did.)
  • What is the most stable way for OPNsense to eat my "multi-detect" config? Just add it in the custom.yaml file, and reference (+TARGETS) the additional yamls?

Thanks a lot.
Best
Manu