[solved] Suricata: Custom rules will not be loaded

Started by dvmade, April 26, 2018, 07:09:55 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 26, 2018, 07:09:55 AM Last Edit: April 27, 2018, 03:49:33 PM by dvmade
Hi forum,
I setup a custom ruleset like in the topic https://forum.opnsense.org/index.php?topic=7209.0 described.
The rule is updated (new timestamp in Download tab) but never shown in the 'Rules' tab.

Inside a use a copy of Stream excessive retransmission ruleset to check if rule is working.
But unfortunately not.

Code Select

alert tcp any any -> any [2021:2027] msg:"Port to PLC used"; classtype:bad-unknown; sid:8010001; rev:1;
alert tcp any any -> any any (msg:"TOK STREAM excessive retransmissions"; flowbits:isnotset,tcp.retransmission.alerted; flowint:tcp.retransmission.count,>=,10; flowbits:set,tcp.retransmission.alerted; classtype:protocol-command-decode; sid:8810054; rev:1;)


Does anybody has an idea?

Edit: Also the manual definition as file in /usr/local/etc/suricata/rules/ is not working
Edit: I solved it by using untangle. It fits percfect as transparent bridge and the free Apps are enough for my tests

Greets
dvmade
Print
Go Up Pages1
User actions