Text only | Text with Images

OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: karaman on August 31, 2020, 06:44:55 PM

Title: IDS/IPS Restart / Reboot /Rule Change
Post by: karaman on August 31, 2020, 06:44:55 PM
Does the Suricata service have to restart or does the firewall have to be completely restarted?

I change rules and they don't work until I restart everything
Title: Re: IDS/IPS Restart / Reboot /Rule Change
Post by: karaman on September 01, 2020, 10:15:02 AM
No body an Idea?
Title: Re: IDS/IPS Restart / Reboot /Rule Change
Post by: Fright on September 01, 2020, 10:48:34 AM
can you please be a little more specific. what have you changed in the rule? what steps did you take?
Title: Re: IDS/IPS Restart / Reboot /Rule Change
Post by: karaman on September 01, 2020, 05:45:39 PM
I have set "ET SCAN Suspicious inbound to MSSQL port 1433" to Alarm only.
Butt the Suricata is still blocking. What must i make after change Rules / Rulesets.

Suricata doesnt use the new Rules.

I have already the Apply Button on Rules and also the Download and apply button. 

Title: Re: IDS/IPS Restart / Reboot /Rule Change
Post by: Fright on September 01, 2020, 06:02:54 PM
"Apply" should be enough.
in suricata log shoud  be strings  -- rule reload starting and -- rule reload complete. after that changes starts working.
Text only | Text with Images