Author Topic: [solved] Suricata: Custom rules will not be loaded  (Read 2446 times)

dvmade

« on: April 26, 2018, 07:09:55 am »
Hi forum,
I set up a custom ruleset as described in the topic https://forum.opnsense.org/index.php?topic=7209.0.
The rule is updated (new timestamp in Download tab) but never shown in the 'Rules' tab.

Inside, I use a copy of the Stream excessive retransmission ruleset to check if the rule is working.
But unfortunately not.

Code:
alert tcp any any -> any [2021:2027] msg:"Port to PLC used"; classtype:bad-unknown; sid:8010001; rev:1;
alert tcp any any -> any any (msg:"TOK STREAM excessive retransmissions"; flowbits:isnotset,tcp.retransmission.alerted; flowint:tcp.retransmission.count,>=,10; flowbits:set,tcp.retransmission.alerted; classtype:protocol-command-decode; sid:8810054; rev:1;)

Does anybody have an idea?

Edit: Also the manual definition as a file in /usr/local/etc/suricata/rules/ is not working.
Edit: I solved it by using Untangle. It fits perfectly as a transparent bridge and the free apps are enough for my tests.

Greets
dvmade
« Last Edit: April 27, 2018, 03:49:33 pm by dvmade »
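
A structural check run over the two rules posted above, as an added example that is not part of the original post and is not OPNsense or Suricata code. Suricata's rule format puts the option section in parentheses after the seven header fields, and the checker flags any line where that is not the case. The function name `check_rule` and the simplified header parsing (no spaces inside address or port lists) are assumptions of this example.

```python
import re

# Rule actions and direction operators accepted by this simplified checker.
ACTIONS = {"alert", "pass", "drop", "reject", "rejectsrc", "rejectdst", "rejectboth"}
DIRECTIONS = {"->", "<>"}

# The two rules exactly as posted in the thread.
POSTED_RULES = [
    'alert tcp any any -> any [2021:2027] msg:"Port to PLC used"; '
    'classtype:bad-unknown; sid:8010001; rev:1;',
    'alert tcp any any -> any any (msg:"TOK STREAM excessive retransmissions"; '
    'flowbits:isnotset,tcp.retransmission.alerted; '
    'flowint:tcp.retransmission.count,>=,10; '
    'flowbits:set,tcp.retransmission.alerted; '
    'classtype:protocol-command-decode; sid:8810054; rev:1;)',
]

def check_rule(line):
    """Return a list of structural problems found in one Suricata rule line."""
    # Header: action proto src_ip src_port direction dst_ip dst_port, then options.
    parts = line.strip().split(None, 7)
    if len(parts) < 8:
        return ["expected 7 header fields followed by an option section"]
    action, _proto, _src, _sport, direction, _dst, _dport, options = parts
    problems = []
    if action not in ACTIONS:
        problems.append(f"unknown action {action!r}")
    if direction not in DIRECTIONS:
        problems.append(f"unknown direction {direction!r}")
    if not (options.startswith("(") and options.endswith(")")):
        problems.append("option section is not enclosed in parentheses")
    body = options.strip("()").strip()
    if body and not body.endswith(";"):
        problems.append("last option is not terminated with ';'")
    # Simplification: does not account for ';' inside a quoted msg string.
    if not re.search(r"(?:^|;)\s*sid\s*:\s*\d+\s*;", body):
        problems.append("missing numeric sid option")
    return problems

if __name__ == "__main__":
    for rule in POSTED_RULES:
        sid = re.search(r"sid:(\d+)", rule).group(1)
        print(sid, check_rule(rule) or "structure OK")
```

This only checks the outer structure of a rule line; Suricata's own test mode (`suricata -T`) is the authoritative check of whether a rule file parses.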