Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
Possible Bug??
« previous
next »
Print
Pages: [
1
]
Author
Topic: Possible Bug?? (Read 2076 times)
spetrillo
Hero Member
Posts: 721
Karma: 8
Possible Bug??
«
on:
May 15, 2020, 11:54:30 am »
Hello all,
Not sure if this is a bug or my own stupidity. I am trying out the Suricata intrusion detection plugin for the first time. I am getting the following error when I try to download the rulesets. Am I doing something wrong?
Thanks,
Steve
Logged
Voodoo
Newbie
Posts: 49
Karma: 4
Re: Possible Bug??
«
Reply #1 on:
July 26, 2020, 07:19:42 pm »
I had this as well trying suricata on 20.1, i fixed it by:
In Settings check "Enabled", uncheck "IPS Mode" for now, then apply.
Now select all rules and click disable selected then hit download & update, select the rules you want, click enable selected and then hit download & update again, this time it should work.
Check the alerts for a couple of days, if everything is ok, select your rules again and click enable drop filter, download & apply, then enable "IPS Mode". This will block all traffic seen before in the alerts.
Fyi suricata only works on hardware, if you run opnsense inside a kvm like me it will kernel panic your whole firewall as soon as ips mode is enabled. This will change with netmap support in 21.1 hopefully. Suricata is also using a lot of ram, make sure your firewall has enough, small setup already uses 2GB.
«
Last Edit: July 26, 2020, 07:24:23 pm by Voodoo
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
Possible Bug??