OPNsense Forum » English Forums » Intrusion Detection and Prevention » Suricata and pf
Topic: Suricata and pf (Read 2067 times)
sweetfoxxy
Suricata and pf « on: January 25, 2021, 01:42:50 pm »
Hello
Please, tell me, when an OPNsense firewall receives a packet on the interface, what engine will process it first?
Will it be Suricata or pf?
And how does the firewall process the packet if Suricata, Sensei and pf are running?
Please, share your knowledge!
BR
franco
Re: Suricata and pf « Reply #1 on: January 25, 2021, 01:57:38 pm »
IPS mode Suricata (netmap) will get to see the packet before pf and can discard it.
Cheers,
Franco
hushcoden
Re: Suricata and pf « Reply #2 on: January 26, 2021, 03:20:19 pm »
Quote from: franco on January 25, 2021, 01:57:38 pm:
"IPS mode Suricata (netmap) will get to see the packet before pf and can discard it."
Sorry if it's a dumb question, but is that true regardless of whether Suricata is enabled on either the LAN or WAN interface?
franco
Re: Suricata and pf « Reply #3 on: January 26, 2021, 03:32:15 pm »
It's true that regardless of WAN or LAN the incoming packet will be seen by Suricata first. Outgoing packets will need to pass through the network stack and pf first to reach Netmap to finally find their way to Suricata.
This is done for required symmetry with the address translations and not a security issue so please don't ask that next.
Cheers,
Franco
sweetfoxxy
Re: Suricata and pf « Reply #4 on: January 31, 2021, 02:14:38 pm »
Thank you for your answers.
As I know, both Sensei and Suricata use netmap. So does Suricata or Sensei process the packet first?