[pve-devel] pve-firewall : add support to suricata ips with NFQUEUE target
Alexandre DERUMIER
aderumier at odiso.com
Fri Mar 14 03:55:13 CET 2014
Hi,
I have a secret plan to integrate suricata ips at the proxmox host level.
(I have critical vms, and customers require an ips sometimes)
ips can use a lot of cpu, and being able to enable it on specific vms would be wonderful.
There is a lot of information here
https://home.regit.org/2011/01/building-a-suricata-compliant-ruleset/
This can be done with netfilter target -j NFQUEUE
example: -j NFQUEUE --queue-balance 0:1
The main difficulty is that NFQUEUE is an ending target,
so I think the only way (when also using netfilter firewall rules) is to replace -j ACCEPT with -j NFQUEUE.
I would like to add an option in vmid.fw: enable_ips: 1
then replace the -j ACCEPT with -j NFQUEUE ....
What do you think about it?
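The rewrite proposed above (hand every ACCEPT verdict of a VM's chain to the IPS queue when enable_ips is set), as an added shell example that is not part of the original post and not pve-firewall's own generator code. The sample ruleset, the chain name veth100i0-IN and the way the enable_ips flag is passed in are constructed for illustration; only the iptables targets and the --queue-balance option are taken from the post.

```shell
#!/bin/sh
# Constructed example: rewrite a VM's generated iptables rules so that
# ACCEPT verdicts are queued to an IPS (NFQUEUE) instead of ending in ACCEPT.
# The rule text and the enable_ips handling are assumptions for illustration,
# not pve-firewall's real generator output.

# ips_rewrite ENABLE_IPS < rules
# Reads iptables-restore style rules on stdin. When ENABLE_IPS is 1, every
# terminating "-j ACCEPT" becomes "-j NFQUEUE --queue-balance 0:1", so the
# packet is handed to the IPS queues 0 and 1. Chain policy lines
# (":CHAIN ACCEPT [0:0]") and other verdicts (DROP, REJECT, RETURN) are
# left untouched, so the deny part of the ruleset still runs in the kernel.
ips_rewrite() {
    if [ "$1" = "1" ]; then
        sed -e '/^:/!s/-j ACCEPT$/-j NFQUEUE --queue-balance 0:1/'
    else
        cat
    fi
}

# Constructed sample ruleset, modelled on a per-VM input chain.
SAMPLE_RULES='*filter
:veth100i0-IN ACCEPT [0:0]
-A veth100i0-IN -p tcp --dport 22 -j ACCEPT
-A veth100i0-IN -p icmp -j ACCEPT
-A veth100i0-IN -j DROP
COMMIT'

# count_nfqueue ENABLE_IPS: number of rules that would be queued to the IPS
count_nfqueue() {
    printf '%s\n' "$SAMPLE_RULES" | ips_rewrite "$1" \
        | grep -c -- '-j NFQUEUE --queue-balance 0:1' || true
}

# count_accept ENABLE_IPS: number of plain ACCEPT rules left after the rewrite
count_accept() {
    printf '%s\n' "$SAMPLE_RULES" | ips_rewrite "$1" \
        | grep -c -- '^-A .* -j ACCEPT$' || true
}

# Show both variants when run directly.
printf 'enable_ips: 0\n'; printf '%s\n' "$SAMPLE_RULES" | ips_rewrite 0
printf 'enable_ips: 1\n'; printf '%s\n' "$SAMPLE_RULES" | ips_rewrite 1
```

Because NFQUEUE is a terminating target, the kernel's decision for a queued packet now depends entirely on the userspace IPS process answering on those queues; if that process is not running, queued packets are dropped rather than accepted, which is the availability trade-off of this design for the VMs that have the option set.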