OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: kapara on November 25, 2018, 12:28:51 am

Title: Firewall Allow rules and Suricata
Post by: kapara on November 25, 2018, 12:28:51 am

Will rules enabling certain IP's through the firewall override rules from Suricata or will Suricata still block the traffic if set to block and the firewall has an allow for the same IP that Suricata might block based on the rule analysis?

Title: Re: Firewall Allow rules and Suricata
Post by: AdSchellevis on November 25, 2018, 12:09:09 pm

The traffic hits Suricata first, when a packet is dropped there it won't reach anything else.

Title: Re: Firewall Allow rules and Suricata
Post by: Xames81 on December 06, 2018, 10:06:08 pm

Then a VNC connection could be dropped because suricata think is hacker connection not me?

thanks