Manualy import rulesets

dyonis0s · March 13, 2019, 02:02:51 PM

Hello,

I'm using OPNSense in an architecture that is not connected to Internet.
I would like to use the IDS/IPS and especially import rulesets.

Is there a way to do that without Internet ?

Thank you :)

franco · March 14, 2019, 11:59:05 AM

Hi dyonis0s,

You can drop them directly into a rule dir on the file system, but I don't exactly remember which one.

It should have been noted in the forum previously.

Cheers,
Franco

MakesSense · March 15, 2019, 01:03:59 PM

I'm using OpnSense 18.7.10 (haven't upgraded yet due to the kernel panic issue).

There the Suricata rules are stored in these two folders:

/usr/local/etc/suricata/rules/
/usr/local/etc/suricata/opnsense.rules/

Not sure if both are needed...

I also add my custom rules files names to /usr/local/etc/suricata/installed_files.yaml

dyonis0s · March 15, 2019, 02:49:16 PM

Thank you for your help ;).

I'll give a try !

Manualy import rulesets

dyonis0s

March 13, 2019, 02:02:51 PM

franco

March 14, 2019, 11:59:05 AM #1

MakesSense

March 15, 2019, 01:03:59 PM #2

dyonis0s

March 15, 2019, 02:49:16 PM #3