[3/9] suricata: Define bypass mark
Commit Message
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
config/suricata/suricata.yaml | 4 ++--
src/initscripts/system/suricata | 2 ++
2 files changed, 4 insertions(+), 2 deletions(-)
Comments
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
> ---
> config/suricata/suricata.yaml | 4 ++--
> src/initscripts/system/suricata | 2 ++
> 2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
> index 1ce013dc7..f02b93d76 100644
> --- a/config/suricata/suricata.yaml
> +++ b/config/suricata/suricata.yaml
> @@ -348,8 +348,8 @@ nfq:
> mode: repeat
> repeat-mark: 2147483648
> repeat-mask: 2147483648
> -# bypass-mark: 1
> -# bypass-mask: 1
> + bypass-mark: 1073741824
> + bypass-mask: 1073741824
> # route-queue: 2
> # batchcount: 20
> fail-open: yes
> diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata
> index 111bd9df3..981471c7c 100644
> --- a/src/initscripts/system/suricata
> +++ b/src/initscripts/system/suricata
> @@ -37,6 +37,8 @@ enabled_ips_zones=()
> # Mark and Mask options.
> REPEAT_MARK="0x80000000"
> REPEAT_MASK="0x80000000"
> +BYPASS_MARK="0x40000000"
> +BYPASS_MASK="0x40000000"
>
> # PID file of suricata.
> PID_FILE="/var/run/suricata.pid"
>
Tested-by: Stefan Schantl <stefan.schantl@ipfire.org>
> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
> ---
> config/suricata/suricata.yaml | 4 ++--
> src/initscripts/system/suricata | 2 ++
> 2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/config/suricata/suricata.yaml
> b/config/suricata/suricata.yaml
> index 1ce013dc7..f02b93d76 100644
> --- a/config/suricata/suricata.yaml
> +++ b/config/suricata/suricata.yaml
> @@ -348,8 +348,8 @@ nfq:
> mode: repeat
> repeat-mark: 2147483648
> repeat-mask: 2147483648
> -# bypass-mark: 1
> -# bypass-mask: 1
> + bypass-mark: 1073741824
> + bypass-mask: 1073741824
> # route-queue: 2
> # batchcount: 20
> fail-open: yes
> diff --git a/src/initscripts/system/suricata
> b/src/initscripts/system/suricata
> index 111bd9df3..981471c7c 100644
> --- a/src/initscripts/system/suricata
> +++ b/src/initscripts/system/suricata
> @@ -37,6 +37,8 @@ enabled_ips_zones=()
> # Mark and Mask options.
> REPEAT_MARK="0x80000000"
> REPEAT_MASK="0x80000000"
> +BYPASS_MARK="0x40000000"
> +BYPASS_MASK="0x40000000"
>
> # PID file of suricata.
> PID_FILE="/var/run/suricata.pid"
@@ -348,8 +348,8 @@ nfq:
mode: repeat
repeat-mark: 2147483648
repeat-mask: 2147483648
-# bypass-mark: 1
-# bypass-mask: 1
+ bypass-mark: 1073741824
+ bypass-mask: 1073741824
# route-queue: 2
# batchcount: 20
fail-open: yes
@@ -37,6 +37,8 @@ enabled_ips_zones=()
# Mark and Mask options.
REPEAT_MARK="0x80000000"
REPEAT_MASK="0x80000000"
+BYPASS_MARK="0x40000000"
+BYPASS_MASK="0x40000000"
# PID file of suricata.
PID_FILE="/var/run/suricata.pid"