OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Intrusion Detection and Prevention (Moderator: fabian) »
  • Suricata user defined rules
« previous next »
  • Print
Pages: [1]

Author Topic: Suricata user defined rules  (Read 273 times)

bmail

  • Newbie
  • *
  • Posts: 21
  • Karma: 0
    • View Profile
Suricata user defined rules
« on: October 12, 2018, 10:22:15 am »
Hello,

I just see that user defined rules are no more applied ...
I also use squid. And, in order to filter website with its ssl fingerprint, I put the website in the "SSL no bump sites" list in the squid config.

After this, I use the SSL fingerprint of this website in order to create a new "user defined" rule (with a "reject" argument), in the suricata config section.

This one is no longer applied ... I can access to this website.

I use:
OPNsense 18.7.4-amd64
FreeBSD 11.1-RELEASE-p14
OpenSSL 1.0.2p 14 Aug 2018

And Hyperscan for "pattern matcher". But "default" does'nt work anymore.

Did someone notice this ?

Thanks a lot for any idea.
Best regards
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Intrusion Detection and Prevention (Moderator: fabian) »
  • Suricata user defined rules
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2019 All rights reserved
  • SMF 2.0.15 | SMF © 2017, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2