suricata: Use "2" as repeat-mark and repeat-mask.

The previous used "1" was already used to mark source-natted packets. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2026-04-26 10:52:57 +02:00 · 2018-12-17 15:04:48 +01:00
parent 208cb3363f
commit f5ad510e3c
2 changed files with 6 additions and 6 deletions
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -117,10 +117,10 @@ logging:

 nfq:
   mode: repeat
-   repeat-mark: 1
-   repeat-mask: 1
-   bypass-mark: 1
-   bypass-mask: 1
+   repeat-mark: 2
+   repeat-mask: 2
+#   bypass-mark: 1
+#   bypass-mask: 1
 #  route-queue: 2
 #  batchcount: 20
   fail-open: yes
--- a/src/initscripts/system/suricata
+++ b/src/initscripts/system/suricata
@@ -29,8 +29,8 @@ NFQ_OPTS="--queue-bypass "
 network_zones=( red green blue orange )

 # Mark and Mask options.
-MARK="0x1"
-MASK="0x1"
+MARK="0x2"
+MASK="0x2"

 # PID file of suricata.
 PID_FILE="/var/run/suricata.pid"