Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Suricata strange behaviour SOLVED
« previous
next »
Print
Pages: [
1
]
Author
Topic: Suricata strange behaviour SOLVED (Read 945 times)
KILLERMANTV
Newbie
Posts: 12
Karma: 0
Suricata strange behaviour SOLVED
«
on:
August 10, 2022, 02:19:02 am »
Hello,
I have enabled et telemetry version, enable all their rules, enabled suricata and ips mode on lan interface only watching the correct subnet.
However the behaviour is kind of strange, i was trying out the p2p ruleset with torrent and some of the traffic got blocked but in "alerts" tab it says action allowed, so i created a policy with these settings:
enabled: yes
rules: all the rules
action: alert
new action: drop
everything else is unchanged in the created policy.
After applying this policy it still says action "allowed" in alerts tab.
Thanks for help.
«
Last Edit: August 10, 2022, 02:53:08 am by KILLERMANTV
»
Logged
KILLERMANTV
Newbie
Posts: 12
Karma: 0
Re: Suricata strange behaviour
«
Reply #1 on:
August 10, 2022, 02:52:53 am »
Well it appears i had to reset configuration and after applying policy once again it started to work
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Suricata strange behaviour SOLVED