Author Topic: Suricata IPS ban IP (interact with pf)  (Read 2145 times)

keve
« on: June 15, 2017, 02:39:07 pm »
I have started using the IPS feature of Suricata and plugged in some rules of my own. Alerts and Drops work fine.
I would like to enhance the setup by temporarily blacklisting IPs that match rules, i.e. something like fwsam:src, 60 minutes;
After reading the first three dozen sites on this topic I concluded that this is not possible with Suricata as installed on OPNsense.
Is this the right conclusion?

Is there a workaround? Triggering an action when Suricata matches a rule and adding the IP to a fw table? And having a periodic cron job expire the IPs?

I appreciate any advice on this topic.

Cheers,
Keve
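
The workaround sketched in the question (match a rule, add the source IP to a pf table, expire entries from cron), as an added example that is not part of the original post and not OPNsense's own code. It assumes a hypothetical pf table named `suricata_ban` that a block rule already references, constructed SIDs and sample events, and the 60 minutes expressed as 3600 seconds.

```python
import ipaddress
import json

# Constructed EVE JSON lines (not real traffic); field names follow Suricata's eve.json alerts.
SAMPLE_EVE = [
    '{"event_type":"alert","src_ip":"203.0.113.7","alert":{"signature_id":1000001}}',
    '{"event_type":"alert","src_ip":"203.0.113.7","alert":{"signature_id":1000001}}',
    '{"event_type":"alert","src_ip":"198.51.100.9","alert":{"signature_id":2100498}}',
    '{"event_type":"alert","src_ip":"192.0.2.1","alert":{"signature_id":1000001}}',
    '{"event_type":"flow","src_ip":"203.0.113.50"}',
    '{"event_type":"alert","src_ip":"2001:db8::bad","alert":{"signature_id":1000002}}',
    'truncated {"event_type":',
]
BAN_SIDS = {1000001, 1000002}   # assumption: the local rules that should trigger a ban
ALLOWLIST = ["192.0.2.0/24"]    # assumption: own/management networks that must never be banned
TABLE = "suricata_ban"          # hypothetical pf table name

def ips_to_ban(lines, ban_sids, allowlist):
    """Return unique, validated source IPs from alert events whose SID is in ban_sids."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    seen, out = set(), []
    for line in lines:
        try:
            ev = json.loads(line)
            if ev.get("event_type") != "alert":
                continue
            if ev["alert"]["signature_id"] not in ban_sids:
                continue
            # Parsing rejects anything that is not a literal address before it reaches pfctl.
            ip = ipaddress.ip_address(ev["src_ip"])
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # malformed or partial log line: skip it, never ban on it
        if ip in seen or any(ip in n for n in nets):
            continue  # spoofable sources make the allowlist essential
        seen.add(ip)
        out.append(ip)
    return out

def pfctl_add(table, ips):
    """argv (no shell) that adds the addresses to the pf table."""
    return ["pfctl", "-t", table, "-T", "add", *map(str, ips)] if ips else []

def pfctl_expire(table, seconds):
    """argv for the cron job: drop entries older than `seconds`."""
    return ["pfctl", "-t", table, "-T", "expire", str(seconds)]

if __name__ == "__main__":
    print(pfctl_add(TABLE, ips_to_ban(SAMPLE_EVE, BAN_SIDS, ALLOWLIST)))
    print(pfctl_expire(TABLE, 3600))
```

The functions only build argument lists; running them (for example with `subprocess.run(argv, check=True)`) requires root on the firewall.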
