Hello everyone,
I have been using Suricata for quite a while on my virtual OPNsense firewall.
I recently stumbled across an interesting thing: in Suricata's log it says that it blocks some specific IPs for e.g. SSH scans, but on the destination host I can also see that fail2ban is banning the same IP.
So from my point of view it looks like Suricata is "lying" about blocking it.
Anyone else having the same troubles?
Okay, it seems to block the initial traffic, but traffic from the same IP with the same attack vector (e.g. SSH scanning) is passed through after some time.
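One way to check whether a Suricata block actually held is to correlate the firewall's eve.json records with the fail2ban log on the destination host: an IP that fail2ban bans after Suricata reported blocking it has clearly still reached the host. The script below is an added example and not code from the poster or from Suricata/OPNsense; the eve.json and fail2ban lines are constructed samples, and it assumes fail2ban's log timestamps are in UTC (fail2ban logs local time, so adjust the timezone for a real host).

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample eve.json records (not from the post). The first two carry
# alert.action "blocked", i.e. Suricata in IPS mode reports dropping them; the
# third is only "allowed" (IDS-style alert without a drop).
SURICATA_EVE = [
    '{"timestamp":"2024-05-01T10:00:00.000000+0000","event_type":"alert",'
    '"src_ip":"198.51.100.7","dest_ip":"10.0.0.5","dest_port":22,'
    '"alert":{"action":"blocked","signature":"SSH scan (constructed)"}}',
    '{"timestamp":"2024-05-01T10:01:00.000000+0000","event_type":"alert",'
    '"src_ip":"203.0.113.9","dest_ip":"10.0.0.5","dest_port":22,'
    '"alert":{"action":"blocked","signature":"SSH scan (constructed)"}}',
    '{"timestamp":"2024-05-01T10:02:00.000000+0000","event_type":"alert",'
    '"src_ip":"192.0.2.44","dest_ip":"10.0.0.5","dest_port":22,'
    '"alert":{"action":"allowed","signature":"SSH scan (constructed)"}}',
]

# Constructed fail2ban log lines from the destination host (assumed UTC).
FAIL2BAN_LOG = [
    "2024-05-01 10:05:12,000 fail2ban.actions [812]: NOTICE  [sshd] Ban 198.51.100.7",
    "2024-05-01 10:06:00,000 fail2ban.actions [812]: NOTICE  [sshd] Ban 192.0.2.44",
    "2024-05-01 10:07:00,000 fail2ban.actions [812]: NOTICE  [sshd] Unban 198.51.100.7",
]

# Matches "Ban" lines only; "Unban" lines do not match "] Ban".
F2B_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} .*?\[(?P<jail>[^\]]+)\] Ban (?P<ip>\S+)$"
)


def parse_suricata_blocks(lines):
    """Map source IP -> earliest time Suricata reports blocking/dropping it."""
    first_block = {}
    for line in lines:
        rec = json.loads(line)
        action = rec.get("alert", {}).get("action")
        if rec.get("event_type") == "drop" or action == "blocked":
            ts = datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
            ip = rec["src_ip"]
            if ip not in first_block or ts < first_block[ip]:
                first_block[ip] = ts
    return first_block


def parse_fail2ban_bans(lines):
    """Return (time, jail, ip) tuples for every fail2ban 'Ban' line."""
    bans = []
    for line in lines:
        m = F2B_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
            bans.append((ts, m["jail"], m["ip"]))
    return bans


def correlate(blocks, bans):
    """Return (leaked, unseen).

    leaked maps IP -> seconds between Suricata's first reported block and
    fail2ban's ban: the host still saw enough attempts to trigger a ban, so the
    block did not hold. unseen lists IPs fail2ban banned that Suricata never
    reported blocking at all.
    """
    leaked, unseen = {}, []
    for ts, _jail, ip in bans:
        if ip in blocks:
            if ts > blocks[ip]:
                leaked[ip] = (ts - blocks[ip]).total_seconds()
        else:
            unseen.append(ip)
    return leaked, unseen


if __name__ == "__main__":
    blocks = parse_suricata_blocks(SURICATA_EVE)
    leaked, unseen = correlate(blocks, parse_fail2ban_bans(FAIL2BAN_LOG))
    for ip, secs in leaked.items():
        print(f"{ip}: Suricata reported a block, fail2ban banned it {secs:.0f}s later")
    for ip in unseen:
        print(f"{ip}: banned by fail2ban, no Suricata block record")
```

On a real OPNsense host the eve.json lines come from /var/log/suricata/eve.json and the fail2ban lines from the destination host's fail2ban.log; a non-empty `leaked` result for an IP is the evidence that traffic from it got through after the reported block, which is what the follow-up observation describes.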