OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: dyonis0s on March 13, 2019, 02:02:51 pm

Title: Manualy import rulesets
Post by: dyonis0s on March 13, 2019, 02:02:51 pm
Hello,

I'm using OPNSense in an architecture that is not connected to Internet.
I would like to use the IDS/IPS and especially import rulesets.

Is there a way to do that without Internet ?

Thank you :)
Title: Re: Manualy import rulesets
Post by: franco on March 14, 2019, 11:59:05 am
Hi dyonis0s,

You can drop them directly into a rule dir on the file system, but I don't exactly remember which one.

It should have been noted in the forum previously.


Cheers,
Franco
Title: Re: Manualy import rulesets
Post by: MakesSense on March 15, 2019, 01:03:59 pm
I'm using OpnSense 18.7.10 (haven't upgraded yet due to the kernel panic issue).

There the Suricata rules are stored in these two folders:

/usr/local/etc/suricata/rules/
/usr/local/etc/suricata/opnsense.rules/

Not sure if  both are needed...

I also add my custom rules files names to /usr/local/etc/suricata/installed_files.yaml
Title: Re: Manualy import rulesets
Post by: dyonis0s on March 15, 2019, 02:49:16 pm
Thank you for your help ;).

I'll give a try !