Topic: Feature request: use of suricata 'ignoring traffic' features (Read 5110 times)
elektroinside, on January 18, 2018, 06:40:55 pm
This would be the starting point:
https://suricata.readthedocs.io/en/latest/performance/ignoring-traffic.html
It would be very nice if these could be implemented in the GUI, at least capture filters, as they look easy to implement.
Many thanks!
« Last Edit: January 18, 2018, 06:42:44 pm by elektroinside »
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s
Team Rebellion Member
franco, Reply #1 on January 19, 2018, 09:32:13 am
For anyone following, the GitHub issue was posted via
https://github.com/opnsense/core/issues/2110
Thank you,
Franco
elektroinside, Reply #2 on January 19, 2018, 09:41:00 am
Oh, nice, somebody else is interested in this as well
Thank you both
AC, Reply #3 on January 26, 2018, 07:08:21 am
And one more
Almosetx, Reply #4 on March 08, 2018, 07:45:18 am
It is good that we are involved in the question that came up.
AC, Reply #5 on April 04, 2018, 07:45:10 am
I'm interested in this as well. In pfSense you can make suppress lists to exclude special hosts from a rule. Now I can just deactivate the whole rule for my whole network if it's blocking traffic to just one host.
I think that's an important enterprise feature because I have some hosts in my company network that use some kind of Java application, but Suricata blocked that, so I deactivated the whole rule, exposing all other clients to that particular "attack".
I've seen the feature was proposed for 18.7 but now it changed to no version... I'm really waiting for this. It makes no sense for me to buy the ET-Pro-Ruleset if I have to deactivate one whole rule just because one client triggered it as a false positive.
franco, Reply #6 on April 04, 2018, 07:56:12 am
Sorry, my bad, we added a shared 18.7 GitHub project, but it's not visible to non-members. I've put the milestone back now.
https://imgur.com/a/1VBgp
Cheers,
Franco