Firewall Allow rules and Suricata

kapara · November 25, 2018, 12:28:51 AM

Will rules enabling certain IP's through the firewall override rules from Suricata or will Suricata still block the traffic if set to block and the firewall has an allow for the same IP that Suricata might block based on the rule analysis?

AdSchellevis · November 25, 2018, 12:09:09 PM

The traffic hits Suricata first, when a packet is dropped there it won't reach anything else.

Xames81 · December 06, 2018, 10:06:08 PM

Then a VNC connection could be dropped because suricata think is hacker connection not me?

thanks

Firewall Allow rules and Suricata

kapara

November 25, 2018, 12:28:51 AM

AdSchellevis

November 25, 2018, 12:09:09 PM #1

Xames81

December 06, 2018, 10:06:08 PM #2