What order are rules processed when using IDS?

allebone · July 20, 2020, 02:51:26 PM

When using Intrusion Detection, what rules are processed first?

I have normal Firewall rules I would like processed before IDS is processed. Is this the default, or if not, how can I ensure my own rules are processed prior to IDS rules being processed?

Kind regards
Pete

mimugmail · July 20, 2020, 03:01:24 PM

No, first there is Suricata, then cames the Firewall. You can only flip if you let it listen to LAN instead of WAN

allebone · July 20, 2020, 03:16:01 PM

Hmm, that is disappointing. Thanks for clarifying.

mimugmail · July 20, 2020, 03:25:40 PM

IPS/netmap listens in the NIC while pf rules are processed in kernel.
It's the same as with Linux/iptables ...

What order are rules processed when using IDS?

allebone

July 20, 2020, 02:51:26 PM

mimugmail

July 20, 2020, 03:01:24 PM #1

allebone

July 20, 2020, 03:16:01 PM #2

mimugmail

July 20, 2020, 03:25:40 PM #3