Suricata, nDPI and IPTables in combination

Hi all,
Did anyone ever hear of a
“Protocol-aware Intrusion Prevention System (IPS) with Deep Packet Inspection (DPI)-enhanced traffic control”, or even try it?

This term encompasses the following aspects:

  1. Protocol-aware: Suricata, enhanced by nDPI, can identify and act on specific protocols and applications.
  2. Intrusion Prevention System (IPS): Suricata is operating in inline mode to actively prevent threats.
  3. Deep Packet Inspection (DPI): nDPI provides advanced protocol and application identification capabilities.
  4. Traffic control: iptables is used to enforce the firewall rules based on nDPI or Suricata’s decisions.

I will not go much deeper (currently I can only go a little :slight_smile: ) but I have read of the possibility. Suricata is there, IPTables is there, nDPI is here → GitHub - ntop/nDPI: Open Source Deep Packet Inspection Software Toolkit.

Might be nice to hear some “Dos and Don’ts”, further ideas about possible environments, and for sure your opinion on this topic.

Best,

Erik

Point 1 mentioned above might come in the near future?!

May also be interesting for IPFire?

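An added example, not part of Erik's post, for points 2 and 4 of the list: the iptables NFQUEUE rules that hand traffic to Suricata running in inline (IPS) mode, plus a check that a process is actually bound to the queue. The queue number, the chains used and the fail-open/fail-closed switch are assumptions about the deployment; the nDPI side is not covered here.

```shell
#!/bin/sh
# Added example (not from the forum post): iptables -> NFQUEUE -> Suricata inline (IPS).
# Assumptions: Suricata built with NFQ support, an iptables binary, and a box that
# forwards traffic (FORWARD chain). Queue number and chain set are constructed.

QUEUE_NUM="${QUEUE_NUM:-0}"

# Print the iptables rules that hand packets to the Suricata queue.
# fail-open  : --queue-bypass lets traffic pass if nothing is bound to the queue.
# fail-closed: without it, traffic is dropped while Suricata is not attached.
nfq_rules() {
    queue="$1"; mode="${2:-fail-open}"
    bypass=""
    [ "$mode" = "fail-open" ] && bypass=" --queue-bypass"
    # Forwarded traffic (router position) plus the host's own in/out traffic.
    printf 'iptables -I FORWARD -j NFQUEUE --queue-num %s%s\n' "$queue" "$bypass"
    printf 'iptables -I INPUT   -j NFQUEUE --queue-num %s%s\n' "$queue" "$bypass"
    printf 'iptables -I OUTPUT  -j NFQUEUE --queue-num %s%s\n' "$queue" "$bypass"
}

# Apply the rules only when running as root and iptables is available.
apply_nfq_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "need root" >&2; return 1; }
    command -v iptables >/dev/null 2>&1 || { echo "iptables missing" >&2; return 1; }
    nfq_rules "$QUEUE_NUM" "$1" | sh -e
}

# Check that a userspace process (Suricata) is bound to the given queue:
# /proc/net/netfilter/nfnetlink_queue has one line per bound queue, queue number first.
queue_attached() {
    f=/proc/net/netfilter/nfnetlink_queue
    [ -r "$f" ] && awk -v q="$1" '$1 == q { found=1 } END { exit !found }' "$f"
}

# Usage: apply the rules, then start Suricata in inline mode on the same queue:
#   apply_nfq_rules fail-closed && suricata -c /etc/suricata/suricata.yaml -q "$QUEUE_NUM" -D
#   queue_attached "$QUEUE_NUM" && echo "Suricata is bound to queue $QUEUE_NUM"
```

Start Suricata before switching to fail-closed, otherwise every packet hitting the NFQUEUE target is dropped until it binds to the queue.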