Hi,
Is it possible to add the attacker's IP (Suricata's dropped/blocked attacks) to an IP blocklist and block it before it enters the IPS?
Most of the time the same attacks from the same IP happen every day, and I want to pre-block them per IP.
I know pfSense can do this, but I can't figure out how to set it up on OPNsense.
Thanks
tom
Not what you are looking for exactly, but you can block all known IP blocklists via a firewall URL alias. Requires less performance than IDS.
Yeah, I already know that, thx.
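
The approach asked about in this thread, sketched as an added example that is not from any of the posters: it reads Suricata EVE JSON alert records and produces a one-address-per-line list of repeat blocked sources, the kind of list a firewall URL alias can consume. It assumes EVE alert records carry `src_ip` and `alert.action`; the function name, threshold, allowlist and sample lines are constructed for illustration.

```python
import ipaddress
import json
from collections import Counter

# Constructed EVE JSON lines (documentation addresses, not real traffic).
SAMPLE_EVE = [
    '{"event_type":"alert","src_ip":"203.0.113.7","alert":{"action":"blocked"}}',
    '{"event_type":"alert","src_ip":"203.0.113.7","alert":{"action":"blocked"}}',
    '{"event_type":"alert","src_ip":"198.51.100.23","alert":{"action":"blocked"}}',
    '{"event_type":"alert","src_ip":"192.168.1.50","alert":{"action":"blocked"}}',
    '{"event_type":"alert","src_ip":"192.168.1.50","alert":{"action":"blocked"}}',
    '{"event_type":"alert","src_ip":"203.0.113.99","alert":{"action":"allowed"}}',
    '{"event_type":"alert","src_ip":"203.0.113.99","alert":{"action":"allowed"}}',
    '{"event_type":"alert","src_ip":"192.0.2.44","alert":{"action":"blocked"}}',
    '{"event_type":"alert","src_ip":"192.0.2.44","alert":{"action":"blocked"}}',
    '{"event_type":"flow","src_ip":"203.0.113.7"}',
    '{"event_type":"alert","src_ip":"203.0.1',  # truncated by log rotation
]

# Never blocklist our own networks: a spoofed or misattributed source
# would otherwise lock out internal hosts.
LOCAL_NETS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def blocked_sources(eve_lines, min_hits=2, allowlist=()):
    """Return source IPs with at least min_hits blocked alerts, sorted."""
    skip = [ipaddress.ip_network(n) for n in LOCAL_NETS + tuple(allowlist)]
    hits = Counter()
    for line in eve_lines:
        try:
            ev = json.loads(line)
            ip = ipaddress.ip_address(ev["src_ip"])
            blocked = (ev["event_type"] == "alert"
                       and ev["alert"]["action"] == "blocked")
        except (ValueError, KeyError, TypeError):
            continue  # malformed, truncated, or not an alert record
        if blocked and not any(ip in net for net in skip):
            hits[str(ip)] += 1
    return sorted(ip for ip, n in hits.items() if n >= min_hits)


if __name__ == "__main__":
    # One address per line; the output path and alias wiring are up to you.
    print("\n".join(blocked_sources(SAMPLE_EVE, allowlist=["192.0.2.44/32"])))
```

The `min_hits` threshold and the allowlist keep a single false-positive rule hit, or a trusted scanner, from ending up on a list that is enforced ahead of the IPS.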