Suricata strange behaviour SOLVED

Started by KILLERMANTV, August 10, 2022, 02:19:02 AM

August 10, 2022, 02:19:02 AM Last Edit: August 10, 2022, 02:53:08 AM by KILLERMANTV
Hello,

I have enabled the ET Telemetry version, enabled all their rules, and enabled Suricata and IPS mode on the LAN interface only watching the correct subnet.

However, the behaviour is kind of strange. I was trying out the P2P ruleset with torrent and some of the traffic got blocked, but in the "alerts" tab it says action allowed, so I created a policy with these settings:
enabled: yes
rules: all the rules
action: alert
new action: drop
everything else is unchanged in the created policy.

After applying this policy it still says action "allowed" in the alerts tab.

Thanks for the help.

Well, it appears I had to reset the configuration, and after applying the policy once again it started to work.