Exclude/bypass device from suricata in IPS mode not working

opnblue · February 23, 2025, 04:13:22 PM

Hi,
I would like to exclude a device from getting inspected.
I try to achieve this through a user defined setting that lets the device IP pass the CIDR of my LAN and ticked the bypass box.
However when in IPS mode – and only when in IPS mode – the device 'complains' and has network issues (it is actually my son that complains because it is his playstation and it`s lagging like crazy with IPS on).

Any idea how to troubleshoot?

Suricata version: latest built-in OPNsense 25.1.1
Interface: LAN
Pattern Matcher: Hyperscan
Hardware: Intel n100, 8GB RAM

opnblue · February 25, 2025, 10:17:19 AM

No idea, anyone?

Exclude/bypass device from suricata in IPS mode not working

opnblue

February 23, 2025, 04:13:22 PM

opnblue

February 25, 2025, 10:17:19 AM #1