Suricata inline mode mark packet and process it with firewall rule??
I would like to do some policy routing based on the contents of a packet, but the firewall rule does not have a complex DPI function, i.e. deep packet inspection. I had a try with Suricata, and it could perfectly inspect the packet by creating my custom rules. But it only allows me to drop the packet. I wonder if it can somehow tag the packet; and later, there could be some firewall rules to process these packets with certain tags.
I've searched the "whole" internet for days, but I haven't noticed anything on this topic. Would someone please help me?
bmeeks
What you want to do is not currently possible with either Suricata or Snort on pfSense. The firewall and the IDS/IPS do not cooperate with each other at that level.