Topic: Block Suricata Rules (Read 7221 times)
Sundial (Newbie, Posts: 20, Karma: 3)
Block Suricata Rules « on: July 08, 2016, 03:29:29 am »
I just installed a fresh copy of 16.7.r1 in a small production environment. I'm testing out the Suricata Intrusion Detection feature. I currently have it set up to alert and not drop anything so that I can gather some information for tuning before I drop. However, when I disable a rule in the "Rules" tab by unchecking the "Enabled" box for the rule, I still keep getting alerts. Even after a reboot, the rule is still unchecked but the alert for that rule keeps happening. Any advice would be appreciated.
Sundial (Newbie, Posts: 20, Karma: 3)
Re: Block Suricata Rules « Reply #1 on: July 08, 2016, 02:06:09 pm »
I'm not sure what was happening the first time, but since the last Rule download and update everything appears to work as I would expect. I can now manually disable a rule and it actually appears to disable.
franco (Administrator, Hero Member, Posts: 17665, Karma: 1611)
Re: Block Suricata Rules « Reply #2 on: July 08, 2016, 06:03:01 pm »
If that should happen again, please let us know.
Julien (Hero Member, Posts: 666, Karma: 33)
Re: Block Suricata Rules « Reply #3 on: July 08, 2016, 11:20:17 pm »
Hi Sundial,
I have just tested this and it seems to be OK on my OPNsense VM.
Just to double check, after changing the rules from drop to alert, you have to download the rules again and apply them.
OPNsense 23.1.7_3-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
Sundial (Newbie, Posts: 20, Karma: 3)
Re: Block Suricata Rules « Reply #4 on: July 09, 2016, 06:03:05 am »
Not any more. I downloaded the rules initially and then after getting lots of alerts, I tried to disable them (including clicking Apply on the Rules tab). The rules never seemed to "Apply". Then I manually downloaded the rules again. After the second manual download everything is working like I'd expect and I can't repeat the "bad" behavior or explain it. During the bad times, I was having some random, intermittent web interface issues (...it would freeze or have extra long pauses and sometimes require restarting... and yes, I was very patient waiting several minutes... and the machine is a quad core i3 with 4GB RAM and SSD). Perhaps the web interface issues are the real culprit. However, almost all of those issues are gone now even though I haven't really changed anything but did reboot a few times. I'm sorry I can't provide real diagnostic information, but everything has been working as I'd expect for over a day now.