English Forums > Intrusion Detection and Prevention

IPS rule order

(1/1)

dcol:
Does the list of categories found in /usr/local/etc/suricata/installed_rules.yaml show the order at which they are processed?

I have some custom rules I want executed first. I know pass rules are processed first as in the suricata.yaml action order list. But I want some drop rules processed before other drop rules.

dcol:
Anyone?

Also, the GeoIP IPS block is blocking all kinds of things it shouldn't including DNS and private networks.

Navigation

[0] Message Index