IPS PPPoE Interface

Started by juliocbc, September 20, 2018, 08:33:17 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
December 13, 2024, 02:56:03 PM #15 Last Edit: December 13, 2024, 03:08:35 PM by yeraycito
Suricata can function as an IPS with PPPoE without any problems, you just need to make a few modifications:

- Configure the WAN interface as none (IPv4 Configuration Type none)

- Add a new OPT interface with the PPPoE configuration just like it was a WAN PPPoE.

- Configure Suricata as IPS on WAN.
December 27, 2024, 11:19:49 AM #16
Quote from: yeraycito on December 13, 2024, 02:56:03 PMSuricata can function as an IPS with PPPoE without any problems, you just need to make a few modifications:

- Configure the WAN interface as none (IPv4 Configuration Type none)

- Add a new OPT interface with the PPPoE configuration just like it was a WAN PPPoE.

- Configure Suricata as IPS on WAN.

Interesting topic.
December 27, 2024, 12:37:34 PM #17
Wow, I have read everywhere that with PPPoE it was not possible, I just tried and it runs. Thank you for this tip
Deciso DEC850v2
February 03, 2025, 07:29:19 AM #18
Can highlight this issue to dev @ FreeBSD?
February 12, 2025, 08:10:50 AM #19
Can highlight this issue to dev @ FreeBSD?
February 12, 2025, 08:39:52 AM #20
Yes, you can. Use the freebsd-net mailing list or the FreeBSD bug tracker.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
March 01, 2025, 11:38:48 AM #21
Quote from: yeraycito on December 13, 2024, 02:56:03 PMSuricata can function as an IPS with PPPoE without any problems, you just need to make a few modifications:

- Configure the WAN interface as none (IPv4 Configuration Type none)

- Add a new OPT interface with the PPPoE configuration just like it was a WAN PPPoE.

- Configure Suricata as IPS on WAN.

There's another action you should take with this scenario:
You have to manually add your public IP address to IDS (advanced mode) --> "Home Networks"

Almost in my case, there's a huge difference in triggered alerts, just try with and without it, and take a look in Alerts.
December 15, 2025, 10:08:07 AM #22
Can someone help to highlight this issue to FreeBSD Developers?
December 15, 2025, 10:35:43 AM #23
As I wrote: you can. There's a FreeBSD bug tracker and a freebsd-net mailing list:

https://bugs.freebsd.org/bugzilla/
https://lists.freebsd.org/subscription/freebsd-net

I do not run Suricata so it's no use if I just start the discussion while not being able to answer any questions that will probably arise. I pointed you at the proper channels multiple times.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Print
Go Up Pages 1 2
User actions