IPS rule order

Started by dcol, December 06, 2017, 12:31:08 AM

December 06, 2017, 12:31:08 AM Last Edit: December 06, 2017, 09:57:30 PM by dcol
Does the list of categories found in /usr/local/etc/suricata/installed_rules.yaml show the order in which they are processed?

I have some custom rules I want executed first. I know pass rules are processed first as in the suricata.yaml action order list. But I want some drop rules processed before other drop rules.

December 06, 2017, 03:39:34 PM #1 Last Edit: December 06, 2017, 10:05:28 PM by dcol
Anyone?

Also, the GeoIP IPS block is blocking all kinds of things it shouldn't, including DNS and private networks.