Question regarding GEOIP and floating rules

Started by afX33800, July 17, 2024, 11:40:16 AM

Hello,

I have a question about GEOIP and floating rules.

I've installed GEOIP by MaxMind following the OPNsense how-to.
I blocked all of the world except Europe.

I don't understand why in Suricata I have plenty of log entries from IPs "normally" blocked on WAN.
So I suspect a misconfiguration in my rules, or some other problem.

I've attached my floating rules. Please have a look and tell me if you spot an error.

I have 10 interfaces (WAN + LAN + VPN + VLANs).

Thanks in advance!

Aurélien

If you run Suricata on WAN it will be applied before any firewall rules.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Indeed, with this information it's clearer.

So, another question:
What is the best security process?
Run Suricata on WAN (as I do currently) or rely on the DROP rules on the WAN side?

There is no "best" process. I personally don't believe in IDS and do not use any of them. I run Crowdsec, though.