Add HACK for integrating suricata IPS (at 'gw-ckubu').

2019-05-20 17:16:33 +02:00 · 2019-05-20 17:16:33 +02:00 · 7b34fa3222
commit 7b34fa3222
parent e2a8392a8c
2 changed files with 34 additions and 0 deletions
--- a/17
+++ b/17
@ -512,6 +512,23 @@ esac
 echo


+# -------------
+# - suricata IPS (Inline Mode)
+# -------------
+
+# - HACK for integrating suricata IPS (Inline Mode) at 'gw-ckubu'
+# -
+echononl "\tForward to suricata IPS (inline Mode)"
+if [[ -n "$(ps ax | grep "/usr/bin/suricata" 2>/dev/null | grep -v grep 2> /dev/null | awk '{print$1}')" ]] ; then 
+   $ip6t -A FORWARD -m mark ! --mark 0x1/0x1 -j NFQUEUE --queue-balance 0:3
+   echo_done
+else
+   echo_skipped
+fi
+
+echo
+
+
 # -------------
 # --- iPerf
 # -------------
--- a/17
+++ b/17
@ -1061,6 +1061,23 @@ esac
 echo


+# -------------
+# - suricata IPS (Inline Mode)
+# -------------
+
+# - HACK for integrating suricata IPS (Inline Mode) at 'gw-ckubu'
+# -
+echononl "\tForward to suricata IPS (inline Mode)"
+if [[ -n "$(ps ax | grep "/usr/bin/suricata" 2>/dev/null | grep -v grep 2> /dev/null | awk '{print$1}')" ]] ; then 
+   $ipt -A FORWARD -m mark ! --mark 0x1/0x1 -j NFQUEUE --queue-balance 0:3
+   echo_done
+else
+   echo_skipped
+fi
+
+echo
+
+
 # -------------
 # --- iPerf
 # -------------