Topic: Suricata IPS ban IP (interact with pf)
keve (June 15, 2017, 02:39:07 pm):
I have started using the IPS feature of Suricata and plugged in some rules of my own. Alerts and drops work fine.
I would like to enhance the setup by temporarily blacklisting IPs that match rules, i.e. something like fwsam:src, 60 minutes;
After reading the first three dozen sites on this topic I concluded that this is not possible with Suricata as installed on OPNsense.
Is this the right conclusion?
Is there a workaround? Triggering an action when Suricata matches a rule and adding the IP to a firewall table? And having a periodic cron job expire the IPs?
I appreciate any advice on this topic.
Cheers,
Keve
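
The workaround sketched in the question (match a rule, add the source to a pf table, expire entries periodically), as an added example that is not part of the original post and not OPNsense code. It assumes Suricata's EVE JSON log is enabled; the table name, signature IDs and allowlist are hypothetical, and a firewall rule that blocks the table has to exist separately.

```python
import ipaddress
import json

# Assumptions (not from the post): table name, SIDs that trigger a ban, allowlist.
TABLE = "suricata_ban"
BAN_SIDS = {1000001, 1000002}
BAN_SECONDS = 3600  # the "60 minutes" from the question
ALLOWLIST = [ipaddress.ip_network(n)
             for n in ("10.0.0.0/8", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample EVE lines (documentation addresses), not real log data.
SAMPLE_EVE = [
    '{"event_type":"alert","src_ip":"203.0.113.9","alert":{"signature_id":1000001}}',
    '{"event_type":"alert","src_ip":"192.168.1.50","alert":{"signature_id":1000001}}',
    '{"event_type":"alert","src_ip":"198.51.100.7","alert":{"signature_id":1000003}}',
    '{"event_type":"dns","src_ip":"198.51.100.8"}',
    '{"event_type":"alert","src_ip":"2001:db8::5","alert":{"signature_id":1000002}}',
    '{"event_type":"alert","src_i',  # truncated line, as seen when tailing the log
]

def ban_candidates(eve_lines):
    """Return sorted source IPs of alert events whose SID is in BAN_SIDS."""
    found = set()
    for line in eve_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # partially written line
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue
        if event.get("alert", {}).get("signature_id") not in BAN_SIDS:
            continue
        try:
            src = ipaddress.ip_address(event.get("src_ip", ""))
        except ValueError:
            continue  # missing or malformed address
        if any(src in net for net in ALLOWLIST):
            continue  # never ban our own networks
        found.add(str(src))
    return sorted(found)

def pfctl_commands(ips):
    """Build argv lists: add each IP, then drop entries older than BAN_SECONDS."""
    cmds = [["pfctl", "-t", TABLE, "-T", "add", ip] for ip in ips]
    cmds.append(["pfctl", "-t", TABLE, "-T", "expire", str(BAN_SECONDS)])
    return cmds

if __name__ == "__main__":
    # Print instead of executing; on the firewall, pass each argv to subprocess.run.
    for argv in pfctl_commands(ban_candidates(SAMPLE_EVE)):
        print(" ".join(argv))
```

Run from cron, the `expire` call alone is enough to age out old entries; the allowlist guards against locking out internal hosts when a rule fires on spoofed or local traffic.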