Intrusion Detection and Prevention / Re: User defined rules with dynamic IPv6 prefix possible somehow?
« on: November 18, 2023, 03:24:42 pm »
Then you do not need a bypass rule at all, do you? Essentially, the user-defined rule is there to keep Suricata from inspecting the local traffic, to avoid slowing it down. But "local traffic" over the firewall can only occur between different interfaces. If you have only one, there is no need for optimization.
That's what I thought too, but as mentioned in one of my previous posts, I couldn't even access my NAS anymore. It's gotten better with these rules. Only the problem with accessing the OPNsense web UI remains.
Is that also Suricata-induced? If so, I suggest adding the RFC1918 rules as well, as you probably access the web UI via IPv4.
Yes, it is Suricata-induced. And of course I also added the IPv4 addresses according to RFC1918.
Something about this is weird but I think I'm gonna stay without IDS/IPS. Didn't have any problems before without it. Maybe I'll think about adding Crowdsec again but the bouncer didn't have much to do last time so maybe not.