OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Intrusion Detection and Prevention »
  • IPS rule order
« previous next »
  • Print
Pages: [1]

Author Topic: IPS rule order  (Read 5483 times)

dcol

  • Hero Member
  • *****
  • Posts: 635
  • Karma: 51
    • View Profile
IPS rule order
« on: December 06, 2017, 12:31:08 am »
Does the list of categories found in /usr/local/etc/suricata/installed_rules.yaml show the order at which they are processed?

I have some custom rules I want executed first. I know pass rules are processed first as in the suricata.yaml action order list. But I want some drop rules processed before other drop rules.
« Last Edit: December 06, 2017, 09:57:30 pm by dcol »
Logged

dcol

  • Hero Member
  • *****
  • Posts: 635
  • Karma: 51
    • View Profile
Re: IPS rule order
« Reply #1 on: December 06, 2017, 03:39:34 pm »
Anyone?

Also, the GeoIP IPS block is blocking all kinds of things it shouldn't including DNS and private networks.
« Last Edit: December 06, 2017, 10:05:28 pm by dcol »
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Intrusion Detection and Prevention »
  • IPS rule order
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2