Netgate Discussion Forum

    [SOLVED] Which IP to Block? Both! but does it work?

    6 Posts 3 Posters 725 Views
    • Bob.Dig LAYER 8

      I am not sure if it is working as intended.
      Why doesn't the destination IP get blocked?

      1.JPG

      2.JPG

      • kiokoman LAYER 8

        Which one do you intend?
        The "Suricata SMTP invalid reply" is probably set as alert only.
        The "Suricata STREAM ESTABLISHED SYNACK": long story short, because 192.168.1.11 is in a whitelist.

        When Suricata starts, it will automatically create a whitelist with the network of your interfaces.

        • Bob.Dig LAYER 8 @kiokoman

          @kiokoman But alerts should result in blocks (185.234.217.194) I thought.

          • bmeeks

            There is a potential fix for this already submitted and it should show up as a new package version sometime during the day on Monday, September 30th. I asked the pfSense developers to merge the change to RELEASE on September 30th. The change has already been made to the Suricata 4.1.5 package available over in the pfSense-2.5-DEVEL snapshots.

            You can follow the pull request status here: https://github.com/pfsense/FreeBSD-ports/pull/679.

            • Bob.Dig LAYER 8 @bmeeks

              @bmeeks Thanks. Next Time I will look there first.
              🖖

              • bmeeks @Bob.Dig

                @Bob-Dig said in [SOLVED] Which IP to Block? Both! but does it work?:

                @bmeeks Thanks. Next Time I will look there first.
                🖖

                I did not mean to imply not to ask questions here. Your query is welcomed. I simply posted the link so you could follow the status if you were interested. The formal bug reporting site is the pfSense Redmine site here: https://redmine.pfsense.org. You can register an account and report bugs and track their resolution there. You can also post here on the forum and ask about an issue.
