Suricata: NFQUEUE, separated ET rules and pakon-dev-detect data source change
This merge requests mainly changes suricata data input method to NFQUEUE. The init/fw script is heavily inspired by pakon-guts init/fw script.
Other things include:
- separating emergingthreat rules (their loading and updating) from
suricatabase package (suricata-emergingthreats-rules) - embedding suricata config file to package (instead of using
sedin Makefile) + some fine tunning (turning bypass on, preparing include_dir to allow integrating other packages) - moving pakon-dev-detect to get data from
suricatainstead ofpakon-guts(+ dropping dependency onpakon-guts).
I would like this to get merged as soon as possible to allow some testing from others. Suricata is probably not used by anyone except few developers, so these changes itself doesn't matter, but pakon-dev-detect is kind-of public (but marked as experimental), that's why I'm asking for review. I'm testing (and polishing) all these things for few days and they seem working well.
pakon-dev-detect backend changes are in related merge request turris/pakon-dev-detect!4 (merged).