Suricata IPS Multi Tenancy

Started by RLuceac, November 01, 2023, 02:25:39 PM

Hello all!

I'll explain what I need, and what I thought of as a solution, and if you can help me or give me another solution, I'd be grateful.

I would like to create some IPS rules for the entire network, and some specific rules for my children (like blocking TikTok).

What I thought about doing is creating VLANs, which would put both the computers and cell phones in a separate VLAN, and with that I would apply some rules only to their VLAN.

Is this solution correct? Do you have another solution for this?

I saw that Suricata accepts multi tenancy, but looking for how to do this in OPNsense I couldn't find how to do it.

Thanks!

Maybe a better solution would be to implement Zenarmor for this.

Suricata is for a different use case in my opinion.
Hardware:
DEC740

Maybe some confusion.
Blocking TikTok. Intrusion detection systems are not meant to be used for this purpose, blocking public services. There are no rules in them to do it. Wrong tool for the job.
If that is the problem you are looking for a solution to, blocking TikTok and other public services, you could use AdGuard.

Quote from: Monviech on November 01, 2023, 02:30:17 PM
Maybe a better solution would be to implement Zenarmor for this.

Suricata is for a different use case in my opinion.

Hi, thanks for the reply!

I have thought about using Zenarmor, but for it to have multiple profiles I must pay for a home edition... It's only $10, but here in my country that's a lot...

Quote from: cookiemonster on November 01, 2023, 02:33:22 PM
Maybe some confusion.
Blocking TikTok. Intrusion detection systems are not meant to be used for this purpose, blocking public services. There are no rules in them to do it. Wrong tool for the job.
If that is the problem you are looking for a solution to, blocking TikTok and other public services, you could use AdGuard.

Hi, thanks for the reply!

I saw that the Suricata rules already have the Instagram one, so I thought about using it to block TikTok... I've never used AdGuard, is it free? Can it be installed in OPNsense?

It is free and the actual name is AdGuardHome. It is free and there is a plugin for OPN by mimugmail.
It's pretty good. I only use it for blocking adverts, but it has an easy push-of-a-button block for quite a few services, including TikTok.

Friends, I solved my problem...

I will share what I did.

I isolated my children's WiFi network in a VPN, and in that VPN I created firewall rules, blocking the ASN of Facebook, TikTok...

With this I managed to block these sites, and I can still schedule what time to release access, and even what time to block the internet completely, leaving other networks functioning normally.

I went even further and created another VPN for their TVs, and created a schedule to stop the internet at 10 am, so I no longer need to say it's time to sleep...

Thank you all!