IPS PPPoE Interface

[yeraycito]

Suricata can function as an IPS with PPPoE without any problems, you just need to make a few modifications:

- Configure the WAN interface as none (IPv4 Configuration Type none)

- Add a new OPT interface with the PPPoE configuration just like it was a WAN PPPoE.

- Configure Suricata as IPS on WAN.

[peterwkc]

Suricata can function as an IPS with PPPoE without any problems, you just need to make a few modifications:

- Configure the WAN interface as none (IPv4 Configuration Type none)

- Add a new OPT interface with the PPPoE configuration just like it was a WAN PPPoE.

- Configure Suricata as IPS on WAN.

Interesting topic.

[RamSense]

Wow, I have read everywhere that with PPPoE it was not possible, I just tried and it runs. Thank you for this tip

[nicholaswkc]

Can highlight this issue to dev @ FreeBSD?

[nicholaswkc]

Can highlight this issue to dev @ FreeBSD?

[Patrick M. Hausen]

Yes, you can. Use the freebsd-net mailing list or the FreeBSD bug tracker.

[Arien]

Suricata can function as an IPS with PPPoE without any problems, you just need to make a few modifications:

- Configure the WAN interface as none (IPv4 Configuration Type none)

- Add a new OPT interface with the PPPoE configuration just like it was a WAN PPPoE.

- Configure Suricata as IPS on WAN.

There's another action you should take with this scenario:
You have to manually add your public IP address to IDS (advanced mode) --> "Home Networks"

Almost in my case, there's a huge difference in triggered alerts, just try with and without it, and take a look in Alerts.