@fsansfil:
Right now I don't have full control over $HOME_NET… for an example, I have suricata on WAN, LAN and not on OPT1. But no matter what I do, I end up with the OPT1 network in the $HOME_NET (white/pass list) of the LAN Suricata... Let us use aliases to fully define $HOME_NET, $EXTERNAL... etc.
Are you creating the custom HOME_NET list this way?
1. Go to Firewall…Alias and create one or more aliases as necessary to define your custom HOME_NET. You might have to create several sub-aliases, and then combine them into a single master alias.
2. Create a Pass List on the PASS LIST tab. Give it a name. Maybe "my_homenet" or something.
3. Within that Pass List, uncheck all the checkboxes. Then assign the alias created in step #1 to the ADDRESS field. Save the Pass List.
4. Go to the INTERFACE SETTINGS tab for the interface you want to customize HOME_NET for. In the HOME_NET drop-down, select the Pass List created in step #2. Save the change.
5. Restart Suricata on the interface to pick up the change in HOME_NET.
Following these steps should let you create a HOME_NET variable containing only exactly what you want. You can also customize a number of the PORT_VARIABLEs on the VARIABLES tab. Just first create one or more aliases to define your custom ports, then assign those aliases to the port variables on the VARIABLES tab.
@fsansfil:
Custom rules, it would be nice to be able to invoke one of our lists, not just copy-paste into the web interface (limited in numbers at this time)
Providing the ability to upload and use a custom file should be pretty easy to implement. I will put that on my TODO list of new features.
Bill
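
A way to confirm the result after step 5, as an added example that is not part of the original posts or the Suricata package: it reads the HOME_NET line from the text of the interface's generated suricata.yaml and reports networks that are present but not intended (such as OPT1) and intended ones that are absent. The function names and sample networks are constructed, and it assumes HOME_NET is written as a plain bracketed list of addresses.

```python
import ipaddress
import re

# Constructed sample of the vars section of a generated suricata.yaml.
# 10.0.20.0/24 stands in for an OPT1 network that should not be there.
SAMPLE_YAML = '''
vars:
  address-groups:
    HOME_NET: "[10.0.10.0/24,10.0.20.0/24,127.0.0.1/32,203.0.113.5/32]"
    EXTERNAL_NET: "!$HOME_NET"
'''

def parse_home_net(yaml_text):
    """Return the HOME_NET entries as ip_network objects.

    Negated entries (!x) and $VAR references are not handled here;
    ip_network raises ValueError on them so they are never silently skipped.
    """
    m = re.search(r'^\s*HOME_NET:\s*"?\[?([^\]"\n]*)\]?"?\s*$', yaml_text, re.M)
    if not m:
        raise ValueError("no HOME_NET line found")
    return [ipaddress.ip_network(e.strip(), strict=False)
            for e in m.group(1).split(",") if e.strip()]

def covered(net, pool):
    """True if net lies inside any network of the same IP version in pool."""
    return any(net.version == p.version and net.subnet_of(p) for p in pool)

def audit_home_net(yaml_text, intended):
    """Compare the effective HOME_NET with the intended list of CIDRs.

    Returns (unexpected, missing) as lists of CIDR strings.
    """
    allowed = [ipaddress.ip_network(n, strict=False) for n in intended]
    actual = parse_home_net(yaml_text)
    unexpected = [str(n) for n in actual if not covered(n, allowed)]
    missing = [str(a) for a in allowed if not covered(a, actual)]
    return unexpected, missing

if __name__ == "__main__":
    # Intended HOME_NET for the LAN instance (constructed values).
    want = ["10.0.10.0/24", "127.0.0.1/32", "203.0.113.5/32"]
    unexpected, missing = audit_home_net(SAMPLE_YAML, want)
    print("unexpected in HOME_NET:", unexpected)
    print("missing from HOME_NET:", missing)
```
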