IPS / Suricata policy not working

Started by eponymous, June 20, 2021, 08:12:11 PM

Hi,

I've added a policy which applies to all of the abuse.ch lists and some of the ETOpen lists.

This is simply to make them "drop" instead of "alert".

However, I've noticed that when I apply this and then download and update the rules, only some of the rules are set to "drop" with the rest being left at "alert". I've also noticed that only the abuse.ch lists actually seem to update looking at the last updated timestamp.

Is this a known issue? I've not found any posts or bug reports yet which confirm this, but I may have missed something. I'm using the community version of OPNsense 21.1.7.

Works as expected on my side.

Here is my policy

I managed to fix this by adjusting my policy to set all rules to drop - regardless of their current setting. This seems to work now.