Is there there a way to create custom rules for IDS in 24.7?
I am specifically wanting to create an alert for GRE.
# Alert on GRE traffic to a specific IP
alert ip any any -> {IP ADDRESS} any (msg:"GRE traffic to specific IP"; ip_proto:47; sid:1000002; rev:1;)
# Alert on high-volume GRE traffic
alert ip any any -> any any (msg:"High volume GRE traffic"; ip_proto:47; threshold: type both, track by_src, count 1000, seconds 60; sid:1000003; rev:1;)
The current user defined option does not cut it...
(https://forum.opnsense.org/index.php?action=dlattach;topic=42043.0;attach=36817)