Suricata and "block" - missing Option

Started by ollibraun, August 07, 2021, 08:53:23 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 07, 2021, 08:53:23 PM
Hello,

I can't get Suricata into "Block" mode for the rulesets.

With a freshly set up OPNsense 21.7.1, I am not able to get the intrusion detection into IPS mode. The corresponding check mark under the settings is set. But I would now probably have to change the individual rule sets (and not each rule individually!) from Alert to Drop under the rule sets. I can find illustrations of this on the Internet; my installation seems to be missing an option.






Can anyone confirm this?

PS: Here is an illustration with the "Input Filter" line missing for me:



Best regards
Oliver
August 08, 2021, 07:57:34 AM #1
hi
imho the picture from the some outdated article
IDS\IPS now uses policies
you can set action for whole ruleset in SERVICES: INTRUSION DETECTION: POLICY
August 08, 2021, 02:13:36 PM #2
Ah, I see! That's what the official documentation says, but I hadn't looked that far because I always stumbled across the missing option before. Thanks for the tip!  :)
Print
Go Up Pages1
User actions