Interface specific rules for Suricata?

Started by CJ, May 16, 2022, 02:33:44 PM

Is it possible to set Suricata rules on an interface-specific basis?

For example, one of the rules is for Discord DNS queries.  I use Discord, so this is expected.  But I should not be seeing Discord DNS queries from my DMZ servers.

Right now my options appear to be to either exclude LAN from monitored interfaces, leave the rule at Alert and wade through the list for things not on LAN, or disable the rule altogether.

Any ideas?  Thanks.