> I have a secret plan to integrate suricata ips at the proxmox host level.
> (I have critical vms, and customers require an ips sometime)

You are always a step ahead ;-) But you should really sleep a few hours (mail sent at 3:55?)

> ips can use a lot of cpu, and be able to enable it on specific vms, could be
> wonderful.
>
>
> There is a lot of information here
> https://home.regit.org/2011/01/building-a-suricata-compliant-ruleset/
>
> This can be done with netfilter target -j NFQUEUE
>
> example: -j NFQUEUE --queue-balance 0:1
>
>
> The main difficulty is that NFQUEUE is an ending target, so I think the only
> way (when also using netfilter firewall rules) is to replace -j ACCEPT with -j
> NFQUEUE.
>
>
> I would like to add an option in vmid.fw : enable_ips: 1
>
> then replace the -j ACCEPT with -j NFQUEUE ....
>
>
> What do you think about it ?

Feel free to add that.

_______________________________________________
pve-devel mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
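The ACCEPT-to-NFQUEUE substitution sketched in the quoted mail, as an added shell example that is not pve-firewall code: it reads a hypothetical enable_ips option from a constructed vmid.fw snippet and renders a VM rule with either target. The tap<vmid>i0-IN chain name and the [OPTIONS] parsing are assumptions; --queue-bypass is a real NFQUEUE option that lets traffic pass instead of being dropped while no Suricata process is bound to the queue.

```shell
#!/bin/sh
# Added example (not pve-firewall code). Constructed sample of a
# /etc/pve/firewall/<vmid>.fw file with the hypothetical enable_ips option.
SAMPLE_FW='[OPTIONS]
enable: 1
enable_ips: 1

[RULES]
IN ACCEPT -p tcp -dport 22
'

# Print the value of one key from the [OPTIONS] section (empty if absent).
fw_option() {
    # $1 = config text, $2 = option name
    printf '%s\n' "$1" \
        | sed -n '/^\[OPTIONS\]/,/^\[/p' \
        | awk -v k="$2" -F': *' '$1 == k { print $2 }'
}

# Terminating target for an ACCEPT rule. With the IPS enabled, accepted
# packets are handed to user space instead: queue-balance spreads them over
# queues 0 and 1 (one Suricata worker each), queue-bypass keeps the VM
# reachable if nothing is listening on the queue (e.g. Suricata restarting).
accept_target() {
    # $1 = enable_ips value (unset/0 = plain ACCEPT)
    if [ "${1:-0}" = "1" ]; then
        echo 'NFQUEUE --queue-balance 0:1 --queue-bypass'
    else
        echo 'ACCEPT'
    fi
}

# Render one rule line "DIR ACTION -p PROTO -dport PORT" as an iptables rule.
# Only ACCEPT is rewritten; DROP/REJECT stay as they are, so the IPS sees
# exactly the traffic the firewall would otherwise have let through.
render_rule() {
    # $1 = VM id, $2 = enable_ips value, $3 = rule line
    vmid=$1; ips=$2
    set -- $3
    dir=$1; action=$2; proto=$4; port=$6
    if [ "$action" = "ACCEPT" ]; then
        target=$(accept_target "$ips")
    else
        target=$action
    fi
    # Assumed per-VM chain naming: tap<vmid>i0-<DIR>
    echo "-A tap${vmid}i0-${dir} -p ${proto} --dport ${port} -j ${target}"
}

render_rule 100 "$(fw_option "$SAMPLE_FW" enable_ips)" "IN ACCEPT -p tcp -dport 22"
```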
