Hello all,
Not sure if this is a bug or my own stupidity. I am trying out the Suricata intrusion detection plugin for the first time. I am getting the following error when I try to download the rulesets. Am I doing something wrong?
Thanks,
Steve
I had this as well trying Suricata on 20.1. I fixed it by:
In Settings check "Enabled", uncheck "IPS Mode" for now, then apply.
Now select all rules and click disable selected then hit download & update, select the rules you want, click enable selected and then hit download & update again, this time it should work.
Check the alerts for a couple of days. If everything is OK, select your rules again and click enable drop filter, download & apply, then enable "IPS Mode". This will block all traffic seen before in the alerts.
FYI, Suricata only works on hardware. If you run OPNsense inside a KVM like me, it will kernel panic your whole firewall as soon as IPS mode is enabled. This will change with netmap support in 21.1, hopefully. Suricata is also using a lot of RAM, so make sure your firewall has enough; a small setup already uses 2 GB.