Hello,
I have Suricata running (I believe) since Systems->Diagnostics->Services has the green play button visible for it.
Under Services->Intrusion Detection->Administration (correct place?) there are a bunch of tabs. How do I go about setting some Rules? Use Rules details? Or should I stick with Firewall NAT for my custom rules and leave Suricata for well known signatures (since I wouldn't have any clue about SSL/Fingerprint if I attempted to enter a record here)?
Sorry for being all over the place with newbie questions. I've just discovered that I need to lock down my small site from probes on a select few well known ports. Since OPNsense can do it for me, I'm looking for guidance (or pointers to tutorials).
Thanks.
This should be done via Firewall Rules, not IPS.
OK. Will use Rules. Thx again!