Messages

1

Intrusion Detection and Prevention / Re: IP Blocklists are not working in Suricata

« on: November 14, 2024, 04:17:58 pm »

I cant get the IP blocklists to work in suricata
1. ET and Dshield blocklists
2. Whether they are multiple individual IPs or ranges
3. They do work if only a single IP in the rule
Has anyone else checked this?

It sounds like you're having trouble with multiple IP blocklists in Suricata. I think that you need to ensure that the syntax in your blocklist configuration is correct and consistent with Suricata’s rules format. For ranges, they should be defined properly (e.g., using CIDR notation). If the single IP rules work, it suggests a possible formatting issue with the blocklists or the way they're being loaded.