Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nProbe in IPS mode not blocking / enforcing policies #577

Open
rxrotorboy opened this issue May 23, 2023 · 1 comment
Open

nProbe in IPS mode not blocking / enforcing policies #577

rxrotorboy opened this issue May 23, 2023 · 1 comment

Comments

@rxrotorboy
Copy link

I have nProbe pro and ntopng pro running in IPS mode. Initially, nProbe was enforcing the L7 policies I had created, but now is not. ntopng can see the flows (using ZMQ interface), but ignores the enforcement (traffic is allowed through).
My setup is as follows:
Debian 11
1 x LAN and 1 x WAN interface (not bridged)
iptables forwarding all traffic to NFQUEUE: iptables -A FORWARD -j NFQUEUE --queue-num 0 --queue-bypass
zmq on tcp 1234
zmq publish events on tcp 5557
@cardigliano
Copy link
Member

@rxrotorboy a few questions:

  1. you specified "not bridged", does this mean you are not setting up a bridge with the LAN and WAN interfaces? Are you using the box as a router (ip forwarding)?
  2. what did you do to break the old working configuration? Did you update the software? From which to which version? Did you also change something in the configuration?
    Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cardigliano @rxrotorboy