Hello, everyone
I just turn on my suricata ips and found it useful. Currently I drop traffic from the following rules
and a lot of dns garbage traffic disappeared
ET DROP Dshield Block Listed Source group *
ET DROP Spamhaus DROP Listed Traffic Inbound group *
What I am curious is will suricata receive Dshield and Spamhaus list update frequently?
I google around and found some similar rule on github is very old.
Thanks,
Opnsense rules change at times, they are refreshed from those sites
The rules update if you do a manual rule update and install
Or can set up automatic rule updates
Note: Opnsense runs suricata rules and not snort
They are not compatible, they dont have the same engine
Your own rules can be entered manually
If its a simply rule or temporary you can use user defined rules
Thank you very much for your reply.
If I setup auto update rules everyday, I can
receive newest Dshield, Spamhaus block list
by daily base?
If that is the case, these two list should
be good and reliable block list to use.