Suricata and IPFW

Hi All

I am trying to get suricata running inline, using the ip divert function to divert from ipfw to suricata. I can see the divert working from the IPFW rule, as when I do ipfw -t list I can see the timestamp incrementing.

The problem that I am seeing is that the packets don't seem to be getting injected back into ipfw for processing further. Can anyone offer any pointers? I have checked that there is a line in the suricata config for what to do with the traffic. Is there a simple test that I can do to check that the divert is actually working?
 
If I set the above to 0 then nothing listens on port 8000, but when it's set to 1 I get:

Code:
santaslittlehelper# netstat -an | grep 8000
div4       0      0 *.8000                 *.*
 