English Forums > Intrusion Detection and Prevention
IPS rule order
(1/1)
dcol:
Does the list of categories found in /usr/local/etc/suricata/installed_rules.yaml show the order at which they are processed?
I have some custom rules I want executed first. I know pass rules are processed first as in the suricata.yaml action order list. But I want some drop rules processed before other drop rules.
dcol:
Anyone?
Also, the GeoIP IPS block is blocking all kinds of things it shouldn't including DNS and private networks.
Navigation
[0] Message Index
Go to full version