Topic: Policy Suricata not working (Read 15450 times)
yeraycito
Sr. Member
Posts: 288
Karma: 18
Policy Suricata not working
« on: January 29, 2021, 03:20:17 am »
OPNsense 21.1
yeraycito
Sr. Member
Posts: 288
Karma: 18
Re: Policy Suricata not working
« Reply #1 on: January 29, 2021, 03:37:07 am »
Clean install OPNsense. Rules: ET Telemetry
yeraycito
Sr. Member
Posts: 288
Karma: 18
Re: Policy Suricata not working
« Reply #2 on: January 29, 2021, 03:51:41 am »
Nothing works. The Rulesets section, which states that if nothing is selected it applies to everything, does not work. And if you select everything it doesn't work either. There is no way to select the rules in blocking. It worked so well before blocking the categories of rules in the Download section, why do you change it?
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: Policy Suricata not working
« Reply #3 on: January 29, 2021, 07:54:43 am »
Do you have the checkbox for IPS enabled?
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/
yeraycito
Sr. Member
Posts: 288
Karma: 18
Re: Policy Suricata not working
« Reply #4 on: January 29, 2021, 03:07:45 pm »
Yes. If I activate the lock setting in the Policy tab according to the following screenshot it does not work.
yeraycito
Sr. Member
Posts: 288
Karma: 18
Re: Policy Suricata not working
« Reply #5 on: January 29, 2021, 04:03:43 pm »
I just tried another test with a different configuration and it still doesn't work.
yeraycito
Sr. Member
Posts: 288
Karma: 18
Re: Policy Suricata not working
« Reply #6 on: January 29, 2021, 04:05:17 pm »
More screens
yeraycito
Sr. Member
Posts: 288
Karma: 18
Re: Policy Suricata not working
« Reply #7 on: January 29, 2021, 04:21:19 pm »
One last test with another configuration. It still does not work. The rule shown in the image as DROP is manually activated.
yeraycito
Sr. Member
Posts: 288
Karma: 18
Re: Policy Suricata not working
« Reply #8 on: January 29, 2021, 04:22:15 pm »
More screens
yeraycito
Sr. Member
Posts: 288
Karma: 18
Re: Policy Suricata not working
« Reply #9 on: January 29, 2021, 04:22:59 pm »
Last image
Fright
Hero Member
Posts: 1777
Karma: 164
Re: Policy Suricata not working
« Reply #10 on: January 29, 2021, 04:45:49 pm »
Can you set a description for your policy and then go to "Rules" and filter rules with matched_policy\"your_policy"?
amichel
Jr. Member
Posts: 87
Karma: 8
Re: Policy Suricata not working
« Reply #11 on: January 30, 2021, 09:46:01 am »
Same here,
since the upgrade I see that the rules allow traffic instead of dropping it. I am using the same config as in 20.7 by implementing the "imported legacy import filter". Still no drops.
Maybe there is some configuration to be changed in the policy, but the official documentation is not very helpful, to be honest.
Is there a how-to guide on how to enable Suricata so it drops packets by implementing the policies?
Filtering as per Policy shows nothing.
« Last Edit: January 30, 2021, 10:44:58 am by amichel »
amichel
Jr. Member
Posts: 87
Karma: 8
Re: Policy Suricata not working
« Reply #12 on: January 30, 2021, 11:10:26 am »
I went back to the original config before the upgrade.
Now with the legacy rule untouched I see the rules are configured to block traffic.
Fright
Hero Member
Posts: 1777
Karma: 164
Re: Policy Suricata not working
« Reply #13 on: January 30, 2021, 11:57:17 am »
It seems that it may not be related to policies. Also stopped blocking traffic on the test VM. Deleted policies - did not help. Turned off and on the checkboxes on the Settings tab (enabled, IPS, promisc), applying after each checkbox. IPS starts working after that.
Maybe some .yaml issue after the update?
Already completely blocked access to any remote management by including everything in the new policy and specifying the drop action.
Play carefully with policies.
« Last Edit: January 30, 2021, 11:59:37 am by Fright »
logandzwon
Newbie
Posts: 4
Karma: 1
Re: Policy Suricata not working
« Reply #14 on: January 30, 2021, 05:04:58 pm »
Yes, agreed. It’s totally unclear on how it is supposed to work. It worked so well before the update too.
« Last Edit: January 30, 2021, 07:36:35 pm by logandzwon »