Hello,
I can't get Suricata into "Block" mode for the rulesets.
With a freshly set up OPNsense 21.7.1, I am not able to get the intrusion detection into IPS mode. The corresponding check mark under the settings is set. But I would now probably have to change the individual rule sets (and not each rule individually!) from Alert to Drop under the rule sets. I can find illustrations of this on the Internet; my installation seems to be missing an option.
(https://forum.opnsense.org/index.php?action=dlattach;topic=24258.0;attach=18280)
(https://forum.opnsense.org/index.php?action=dlattach;topic=24258.0;attach=18282)
Can anyone confirm this?
PS: Here is an illustration with the "Input Filter" line missing for me:
(https://homenetworkguy.com/how-to/configure-intrusion-detection-opnsense/opnsense-intrusion-detection-3.png)
Best regards
Oliver
Hi,
IMHO the picture is from some outdated article.
IDS/IPS now uses policies.
You can set the action for a whole ruleset in SERVICES: INTRUSION DETECTION: POLICY
Ah, I see! That's what the official documentation says, but I hadn't looked that far because I always stumbled across the missing option before. Thanks for the tip! :)