Suricata

Additional info:

Below is the output of : suricata --build-info

[root@42826 ~]# suricata --build-info
[19440] 31/7/2011 -- 12:54:25 - (suricata.c:553) <Info> (main) -- This is Suricata version 1.1beta2
[19440] 31/7/2011 -- 12:54:25 - (suricata.c:436) <Info> (SCPrintBuildInfo) -- Features: NFQ LIBPCAP_VERSION_MAJOR=0 LIBCAP_NG LIBNET1.1
[19440] 31/7/2011 -- 12:54:25 - (suricata.c:450) <Info> (SCPrintBuildInfo) -- 32-bits, Little-endian architecture
[19440] 31/7/2011 -- 12:54:25 - (suricata.c:452) <Info> (SCPrintBuildInfo) -- GCC version 4.1.2 20080704 (Red Hat 4.1.2-50), C version 1999
01

Lambert, I think this is two problems in one.

The first is that iptables doesn't understand the command you're giving it. (Do you have the right kernel modules loaded and supporting libraries available? Etc.)

The second is, I think, that some (old?) versions of iptables incorrectly complained about -1 when they meant to complain about errno. 4294967295 is what you get when you cast -1 to an unsigned 32-bit int. :)

-Mike

This explicit message error of iptables is often linked with the lack of support of the NFQUEUE. Or your kernel is too old and does not have the feature, or the nfnetlink_queue module is not loaded.