Netgate Discussion Forum

    Suricata 7.0.8_3 IPS Mode Not Blocking on pfSense 2.8.1

    • kkierii

      pfSense Version: 2.8.1-RELEASE

      Suricata Package Version: 7.0.8_3

      System: VMware Virtual Machine with vmxnet3 NICs.

      Summary of Issue:

      I have configured Suricata for IPS blocking ('Block Offenders' is enabled). The system generates alerts correctly, but fails to block any traffic. The configuration appears correct, but the blocking action does not occur.

      Key Troubleshooting Finding:

      Blocking fails in both Inline IPS Mode (with Workers Run Mode) and also in Legacy IPS Mode. In all tested configurations, the correct alert is generated in the Suricata log, but the traffic is allowed to pass through.

      • SteveITS @kkierii

        @kkierii In inline mode you need to set up the rules for blocking.

        For legacy, is one of the IPs in a pass list? The blocks should occur but expire in 15 minutes by default.

        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
        Upvote 👍 helpful posts!

        • kkierii @SteveITS

          @SteveITS Pass lists are completely blank. There are some blocks that have occurred, so it seems to be blocking some things.

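SteveITS's point about inline mode, as an added example that is not part of the thread or of the Suricata package: in inline mode only rules whose action is `drop` or `reject` stop traffic, and each EVE alert record carries `alert.action` as `allowed` or `blocked`. The script cross-checks the two to show which SIDs are alert-only; it assumes EVE JSON logging is enabled, and the rules and log lines are constructed samples.

```python
import json
import re
from collections import defaultdict

# Constructed sample data (not from the thread): three rules, four EVE records.
SAMPLE_RULES = '''\
alert tcp any any -> any 80 (msg:"EXAMPLE rule A"; sid:1000001; rev:1;)
drop tcp any any -> any 23 (msg:"EXAMPLE rule B"; sid:1000002; rev:1;)
# alert tcp any any -> any 21 (msg:"EXAMPLE disabled rule"; sid:1000003; rev:1;)
'''
SAMPLE_EVE = '''\
{"event_type":"alert","src_ip":"198.51.100.7","alert":{"action":"allowed","signature_id":1000001}}
{"event_type":"alert","src_ip":"198.51.100.7","alert":{"action":"allowed","signature_id":1000001}}
{"event_type":"flow","src_ip":"198.51.100.9"}
{"event_type":"alert","src_ip":"198.51.100.8","alert":{"action":"blocked","signature_id":1000002}}
'''

RULE_RE = re.compile(r"^\s*(alert|drop|reject|pass)\s.*?\bsid\s*:\s*(\d+)\s*;")

def rule_actions(rules_text):
    """Map each enabled rule's SID to its action keyword; commented-out rules are skipped."""
    actions = {}
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if m:
            actions[int(m.group(2))] = m.group(1)
    return actions

def audit(eve_text, rules_text):
    """Per SID: the rule's action and how many alerts EVE logged as allowed vs blocked."""
    actions = rule_actions(rules_text)
    counts = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for line in eve_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or truncated lines
        if not isinstance(ev, dict) or ev.get("event_type") != "alert":
            continue
        alert = ev.get("alert") or {}
        if alert.get("action") in ("allowed", "blocked"):
            counts[alert.get("signature_id")][alert["action"]] += 1
    # alert_only: the rule fired but could never block, because its action is "alert"
    return {sid: {"rule_action": actions.get(sid, "unknown"), **c,
                  "alert_only": actions.get(sid) == "alert" and c["blocked"] == 0}
            for sid, c in counts.items()}

if __name__ == "__main__":
    for sid, row in sorted(audit(SAMPLE_EVE, SAMPLE_RULES).items()):
        print(sid, row)
```

A SID reported with `alert_only` set is one whose rule action would need to be changed to `drop` before inline mode can block it.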
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.