From f35dc04942188f364d37f04134b5b0d53c249399 Mon Sep 17 00:00:00 2001
From: Steven Foerster <steven@cyber5k.com>
Date: Sat, 20 Feb 2021 12:13:03 -0500
Subject: [PATCH] suricata first

---
 scripts/install.sh                | 2 +-
 scripts/subinstallers/suricata.sh | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/scripts/install.sh b/scripts/install.sh
index 9528e4a..1e3bfcb 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -102,10 +102,10 @@ source ./scripts/subinstallers/platform.sh
 echo "Setting up firewall (iptables)"
 if [ ! -f "/etc/iptables/rules.v4" ]; then
     echo "Setting iptables rules..."
+    ./scripts/subinstallers/suricata.sh
     ./scripts/subinstallers/iptables.sh
     ./scripts/subinstallers/ip6tables.sh
     ./scripts/subinstallers/iptables_docker.sh
-    ./scripts/subinstallers/suricata.sh
     ./scripts/subinstallers/iptables_cleanup.sh
 else
     echo "iptables rules exist. Leaving alone."
diff --git a/scripts/subinstallers/suricata.sh b/scripts/subinstallers/suricata.sh
index 96e4336..8a0368b 100755
--- a/scripts/subinstallers/suricata.sh
+++ b/scripts/subinstallers/suricata.sh
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+set -e
+
 # minimal dependencies
 sudo -E apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev build-essential libpcap-dev   \
                 libyaml-0-2 libyaml-dev pkg-config zlib1g zlib1g-dev \
@@ -34,6 +36,6 @@ else
 fi
 
 # iptables
-sudo iptables -A INPUT -j NFQUEUE
-sudo iptables -I FORWARD -j NFQUEUE
+#sudo iptables -A INPUT -j NFQUEUE
+#sudo iptables -I FORWARD -j NFQUEUE
 #sudo iptables -I OUTPUT -j NFQUEUE