Suricata IPS Unblocking a blocked Ip address

Started by Meg, February 28, 2025, 12:21:58 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 28, 2025, 12:21:58 AM
I am new to using suricata and was wondering when a rule blocks an Ip address how long is it blocked for and can I change the length of time a rule blocks an ip address. Also how would I unblock an ip that was blocked that is a false positive.
March 16, 2025, 02:51:57 AM #1
The length of time is set in the rule if it isnt a permanent block
To change block time you have to change it in the rule on your system, be aware it resets when rules are downloaded again
On your system get the rule, change it, put it back via sftp
Never heard of or seen a false positive
Rules are set to trigger, it isnt false
Would need more information on that
March 16, 2025, 06:08:27 PM #2
Thanks for the reply. I can see that now. About the false positives. I have suricata monitoring the wan with zenarmor on the lan. I have read the there are a lot of false positives from noise" that firewall rules are likely to drop anyway.
Print
Go Up Pages1
User actions