Dear all forumer, I had configured my Centos 9 stream to implement IPS with suricata. Everything run perfectly except the traffic is not directed to nftables yet.
This is my nftables firewall rules.
/etc/sysconfig/nftables.config
Quote:
table inet filter {
chain input {
type filter hook input priority 0; policy drop;
ct state invalid counter drop comment "early drop of invalid packets"
ct state {established, related} counter accept comment "accept all connections related to connections made by us"
iif lo accept comment "accept loopback"
iif != lo ip daddr 127.0.0.1/8 counter drop comment "drop connections to loopback not coming from loopback"
iif != lo ip6 daddr ::1/128 counter drop comment "drop connections to loopback not coming from loopback"
ip protocol icmp counter accept comment "accept all ICMP types"
ip6 nexthdr icmpv6 counter accept comment "accept all ICMP types"
counter comment "count dropped packets"
}
chain forward {
type filter hook forward priority 0; policy drop;
counter comment "count dropped packets"
}
# If you're not counting packets, this chain can be omitted.
chain output {
type filter hook output priority 0; policy accept;
counter comment "count accepted packets"
}
}
|
I read the suricata official documentation where need to add following rules to the firewall ruleset but i don’t know how to translate it into format like above.
Quote:
nft> add chain filter IPS { type filter hook forward priority 10;}
To send all forwarded packets to Suricata one can use
nft> add rule filter IPS queue
|
Questions for Crowdsec:
From /etc/crowdsec/bouncer/crowdsec-firewall-bouncer.yaml.
There is
Quote:
## nftables
nftables:
ipv4:
enabled: true
set-only: false
table: crowdsec
chain: crowdsec-chain
priority: -10
ipv6:
enabled: true
set-only: false
table: crowdsec6
chain: crowdsec6-chain
priority: -10
|
Do we need to create the table and chain according to the configuration. If yes, How?
Hope someone can convert the command based add rule to correct syntax in file.
Please help. Thanks. A billion thanks for your help.
