OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 21.1 Legacy Series »
  • IPS / Suricata policy not working
« previous next »
  • Print
Pages: [1]

Author Topic: IPS / Suricata policy not working  (Read 2296 times)

eponymous

  • Jr. Member
  • **
  • Posts: 74
  • Karma: 5
    • View Profile
IPS / Suricata policy not working
« on: June 20, 2021, 08:12:11 pm »
Hi,

I've added a policy which applies to all of the abuse.ch lists and some of the ETOpen lists.

This is simply to make them "drop" instead of "alert".

However, I've noticed that when I apply this and then download and update the rules, only some of the rules are set to "drop" with the rest being left at "alert". I've also noticed that only the abuse.ch lists actually seem to update looking at the last updated timestamp.

Is this a known issue? I've not found any posts or bug reports yet which confirms this but I may have missed something. I'm using the community version of OPNsense 21.1.7.
Logged

AmatorPhasma

  • Newbie
  • *
  • Posts: 3
  • Karma: 0
    • View Profile
Re: IPS / Suricata policy not working
« Reply #1 on: June 22, 2021, 07:03:50 pm »
works as expected on my side.

here my policy
Logged

eponymous

  • Jr. Member
  • **
  • Posts: 74
  • Karma: 5
    • View Profile
Re: IPS / Suricata policy not working
« Reply #2 on: August 08, 2021, 06:17:42 pm »
I managed to fix this by adjust my policy to set all rules to drop - regardless of their current setting. This seems to work now.
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 21.1 Legacy Series »
  • IPS / Suricata policy not working
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2