Intrusion Detection and Prevention / Suricata IPS manual blocking/unblocking vs. snort and guardian
« on: February 21, 2024, 11:31:50 am »
Does anyone have experience with using Suricata as an IPS? I'm on Debian and I'd like to be able to manually block and unblock specific IP addresses (iptables). I've not used Suricata as I am currently running Snort as an IDS and guardian as my IPS. I've done a bit of research into Suricata and, as far as I can tell, one can manually add rules to Suricata's rule file which will block a given IP address. When Suricata is running as a daemon, do the block rules get wiped when you restart the daemon like they do with guardian? Thanks in advance for any tips.