OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: opnblue on February 23, 2025, 04:13:22 PM

Title: Exclude/bypass device from suricata in IPS mode not working
Post by: opnblue on February 23, 2025, 04:13:22 PM
Hi,
I would like to exclude a device from getting inspected.
I tried to achieve this through a user-defined setting that lets the device IP pass the CIDR of my LAN, and I ticked the bypass box.
However, when in IPS mode – and only when in IPS mode – the device 'complains' and has network issues (it is actually my son that complains, because it is his PlayStation and it's lagging like crazy with IPS on).

Any idea how to troubleshoot?

Suricata version: latest built-in OPNsense 25.1.1
Interface: LAN
Pattern Matcher: Hyperscan
Hardware: Intel N100, 8GB RAM
Title: Re: Exclude/bypass device from suricata in IPS mode not working
Post by: opnblue on February 25, 2025, 10:17:19 AM
No idea, anyone?
Title: Re: Exclude/bypass device from suricata in IPS mode not working
Post by: ahro_john on April 11, 2025, 01:40:44 PM
You can try setting a specific pass rule for the PlayStation IP at the top of the rules list, and make sure it's set to not use inspection — sometimes the user-defined settings don't override properly in IPS mode.