suricata blocklist

[tomsch]

hi,

is it possible to add the attackers IP (suricatas droped/blocked attacks) to a IP blocklist and block it before entering IPS ?

most of the time the same attacks from same ip happens every day and i want to pre block it per ip.

i know pfsense can do this, but i cant figure out to set it up on opnsense

thanks
tom

[abulafia]

Not what you are looking for exactly, but you can lock.all.known IP Blocklists via a firewall URL alias. Requires less performance than IDS.

[tomsch]

yeah i already know that thx.