Hi All
I am trying to get suricata running inline, using the ip divert function to divert from ipfw to suricata. I can see the divert working from the IPFW rule as when I do
ipfw -t list
I can see the timestamp incrementing. The problem that I am seeing is that the packets don't seem to be getting injected back into ipfw for processing further. Can anyone offer any pointers? I have checked that there is a line in the suricata config for what to do with the traffic. Is there a simple test that I can do to check that the divert is actually working?