Check whether NFQ mode is supported (output of suricata --build-info):
Suricata Configuration:
AF_PACKET support: yes
PF_RING support: no
NFQueue support: yes
NFLOG support: no
IPFW support: no
DAG enabled: no
Napatech enabled: no
Unix socket enabled: no
Detection enabled: yes
Set the firewall policy:
Send both INPUT and OUTPUT through NFQ mode; the queue number will be 0 by default.
At this point, with Suricata not yet started, the host cannot reach the outside network, because packets queued to NFQUEUE with no userspace process attached are dropped.
Write the rules file:
cat test.rules
# sid and rev are required, otherwise Suricata refuses to load the rule
drop http any any -> any any (msg:"hit baidu.com..."; content:"baidu"; reference:url,www.baidu.com; sid:1000001; rev:1;)
Start the program: suricata -s test.rules -q 0 (sets the NFQ queue number to 0, matching the firewall policy)
Connections to Baidu now fail while connections to other sites still succeed, showing that the blocking (IPS) function works.
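The whole procedure above, wrapped in a checked script as an added example (not part of the original note). The iptables NFQUEUE rules are my assumption, since the note does not show the firewall commands; the optional --queue-bypass flag is included because, as the note observed, the plain NFQUEUE target drops all traffic whenever Suricata is not running.

```shell
#!/bin/sh
# Added example: check NFQ support, queue INPUT/OUTPUT to NFQUEUE, write a
# loadable drop rule and start Suricata in NFQ mode. Assumes iptables and
# suricata are on PATH and the script runs as root.
set -eu

QUEUE_NUM=0

# Read `suricata --build-info` style output on stdin; succeed only if
# NFQueue support was compiled in.
nfq_supported() {
    grep -Eq '^[[:space:]]*NFQueue support:[[:space:]]*yes'
}

# Print the iptables commands that send INPUT and OUTPUT through NFQUEUE.
# With "1" as the argument, --queue-bypass is added so packets are accepted
# when nothing is bound to the queue (fail-open); without it the host loses
# connectivity whenever Suricata is down (fail-closed, as in the note).
nfq_rules() {
    bypass=""
    [ "${1:-0}" = "1" ] && bypass=" --queue-bypass"
    for chain in INPUT OUTPUT; do
        printf 'iptables -I %s -j NFQUEUE --queue-num %s%s\n' \
            "$chain" "$QUEUE_NUM" "$bypass"
    done
}

# Write the drop rule with the sid/rev Suricata needs to load it.
write_rule() {
    cat > "$1" <<'EOF'
drop http any any -> any any (msg:"hit baidu.com..."; content:"baidu"; reference:url,www.baidu.com; sid:1000001; rev:1;)
EOF
}

main() {
    suricata --build-info | nfq_supported || {
        echo "NFQueue support not compiled in" >&2; exit 1; }
    nfq_rules "${FAIL_OPEN:-0}" | sh      # apply the firewall policy
    write_rule test.rules
    exec suricata -s test.rules -q "$QUEUE_NUM"
}

if [ "${RUN_MAIN:-0}" = "1" ]; then
    main "$@"
fi
```

Run with RUN_MAIN=1 to apply; set FAIL_OPEN=1 as well if the box must keep connectivity while Suricata is stopped.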