Hitting 'Apply' on IDS Policy never(?) completes

[gctwnl]

To make sure the rules I have selected actually drop the traffic, I need to create a Policy that actually changes the default 'alert' on those rules to 'drop'.

So, I created such a rule, but when I clicked 'Apply' for the first time, it was not done after 30 minutes.

CPU usage is low, so what is it doing? Memory usage is high.

This one (a big one on almost all my rulesets) never finished:

Code: [Select]

# cat/usr/local/etc/suricata/rule-policies.config
[843a267bc7314362b09a08d4a25a9f51]
enabled=1
prio=0
rulesets=abuse.ch.feodotracker.rules,abuse.ch.sslblacklist.rules,abuse.ch.sslipblacklist.rules,abuse.ch.threatfox.rules,abuse.ch.urlhaus.rules,botcc.rules,ciarmy.rules,compromised.rules,drop.rules,dshield.rules,emerging-malware.rules,emerging-mobile_malware.rules,emerging-phishing.rules,emerging-web_client.rules,emerging-web_server.rules,opnsense.test.rules
content=
action=drop
__target_action__=drop
__policy_id__=843a267b-c731-4362-b09a-08d4a25a9f51
__policy_description__=Drop everything on these sets
What should I do to get my rulesets to actually block instead of just alert?

[gctwnl]

This happened when I load abuse.ch ThreatFox. It does not happen with my current set which excludes ThreatFox