English Forums > Intrusion Detection and Prevention

IPS rule order


Does the list of categories found in /usr/local/etc/suricata/installed_rules.yaml show the order at which they are processed?

I have some custom rules I want executed first. I know pass rules are processed first as in the suricata.yaml action order list. But I want some drop rules processed before other drop rules.


Also, the GeoIP IPS block is blocking all kinds of things it shouldn't including DNS and private networks.


[0] Message Index

Go to full version