I have this forwarding rule in my iptables:

-A FORWARD -j NFQUEUE --queue-balance 0:3

The queues are processed by Suricata. Suricata stats show no activity on queues
1:3. Also, /proc/net/netfilter/nfnetlink_queue looks like this soon after a
reboot:

$ sudo cat /proc/net/netfilter/nfnetlink_queue
0 2010 0 2 65535 0 0 92116 1
1 -4195 0 2 65535 0 0 0 1
2 -4196 0 2 65535 0 0 0 1
3 -4197 0 2 65535 0 0 0 1

If instead I set rules like:

-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j NFQUEUE --queue-num 0
-A FORWARD -i eth1 -o eth0 -j NFQUEUE --queue-num 1

Suricata stats.log and /proc/net/netfilter/nfnetlink_queue report activity on
both queues.
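As an added example (not part of the original question or of Suricata), here is a small POSIX shell helper that parses the /proc/net/netfilter/nfnetlink_queue layout shown above and flags queues that have never handed out a packet id. The column order follows the kernel's seq_show output for that file (queue number, peer portid, packets currently waiting for a verdict, copy mode, copy range, kernel drops, userspace drops, id sequence, and a constant 1); the sample text embedded in the script is constructed from the question's own output so the script runs offline.

```shell
#!/bin/sh
# Constructed sample in the /proc/net/netfilter/nfnetlink_queue format
# (copied from the question's output; columns, per the kernel's seq_show:
#  queue_num peer_portid queue_total copy_mode copy_range
#  queue_dropped queue_user_dropped id_sequence 1).
NFQ_SAMPLE='0 2010 0 2 65535 0 0 92116 1
1 -4195 0 2 65535 0 0 0 1
2 -4196 0 2 65535 0 0 0 1
3 -4197 0 2 65535 0 0 0 1'

# nfq_idle_queues TEXT
#   Print the queue numbers whose id_sequence (column 8) is still 0, i.e.
#   queues that have never had a packet queued to them since the nfnetlink
#   socket bound to them.
nfq_idle_queues() {
    printf '%s\n' "$1" | awk '$8 == 0 { print $1 }'
}

# nfq_seen_packets TEXT QUEUE
#   Print the id_sequence counter for one queue (how many packet ids it
#   has issued), or nothing if the queue is not listed.
nfq_seen_packets() {
    printf '%s\n' "$1" | awk -v q="$2" '$1 == q { print $8 }'
}

# nfq_dropped_queues TEXT
#   Print queues where either the kernel (column 6) or userspace (column 7)
#   drop counter is non-zero; a busy queue with user drops usually means the
#   consumer is not keeping up rather than not bound at all.
nfq_dropped_queues() {
    printf '%s\n' "$1" | awk '$6 > 0 || $7 > 0 { print $1 }'
}

# nfq_report TEXT
#   Human-readable table of the fields that matter when checking whether a
#   --queue-balance range is actually being consumed.
nfq_report() {
    printf '%s\n' "$1" | awk '
        BEGIN { printf "%-6s %-8s %-9s %-8s %-8s %-8s\n",
                       "queue", "waiting", "seen", "drop_k", "drop_u", "portid" }
        { printf "%-6s %-8s %-9s %-8s %-8s %-8s\n", $1, $3, $8, $6, $7, $2 }'
}

# Stand-alone run: report on the constructed sample, then on the live file
# if this host has nfnetlink_queue loaded and the file is readable.
nfq_report "$NFQ_SAMPLE"
idle="$(nfq_idle_queues "$NFQ_SAMPLE")"
[ -n "$idle" ] && printf 'queues with no packets seen: %s\n' "$(printf '%s' "$idle" | tr '\n' ' ')"

if [ -r /proc/net/netfilter/nfnetlink_queue ]; then
    live="$(cat /proc/net/netfilter/nfnetlink_queue)"
    if [ -n "$live" ]; then
        printf '\nlive:\n'
        nfq_report "$live"
    fi
fi
```

Run it as root (or with read access to /proc/net/netfilter) on the box in question; queues listed under "queues with no packets seen" are ones whose id_sequence has never advanced, which is the same symptom the question shows for queues 1 to 3 under the --queue-balance rule.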