Topic: Suricata and "block" - missing Option (Read 2377 times)
ollibraun (Newbie, Posts: 31, Karma: 0)
Suricata and "block" - missing Option « on: August 07, 2021, 08:53:23 pm »
Hello,
I can't get Suricata into "Block" mode for the rulesets.
With a freshly set up OPNsense 21.7.1, I am not able to get the intrusion detection into IPS mode. The corresponding check mark under the settings is set. But I would now probably have to change the individual rule sets (and not each rule individually!) from Alert to Drop under the rule sets. I can find illustrations of this on the Internet; my installation seems to be missing an option.
Can anyone confirm this?
PS: Here is an illustration with the "Input Filter" line missing for me:
Best regards
Oliver
Fright (Hero Member, Posts: 1777, Karma: 164)
Re: Suricata and "block" - missing Option « Reply #1 on: August 08, 2021, 07:57:34 am »
Hi,
IMHO the picture is from some outdated article.
IDS/IPS now uses policies.
You can set the action for a whole ruleset in SERVICES: INTRUSION DETECTION: POLICY.
ollibraun (Newbie, Posts: 31, Karma: 0)
Re: Suricata and "block" - missing Option « Reply #2 on: August 08, 2021, 02:13:36 pm »
Ah, I see! That's what the official documentation says, but I hadn't looked that far because I always stumbled across the missing option before. Thanks for the tip!