Suricata 4.1.5_2 on pfsense 2.5.0-DEVELOPMENT (amd64) not blocking torrents
-
Hi guys,
How do I block torrents on my Suricata? It's just alerting me on the torrents but not blocking my torrent downloads.
Thanks in advance.
-
Do you have blocking enabled on the INTERFACE SETTINGS tab for that instance?
-
Which blocking mode are you using: Legacy Mode or Inline IPS?
If using either Inline IPS or Legacy Mode with the Block DROPs Only option enabled, then you will need to manually modify the action of the rules you want to block from ALERT to DROP.
-
@bmeeks
I'm currently using INLINE IPS and it's now working. Thanks for the help.
-
@war said in Suricata 4.1.5_2 on pfsense 2.5.0-DEVELOPMENT (amd64) not blocking torrents:
@bmeeks
I'm currently using INLINE IPS and it's now working. Thanks for the help.
You're welcome. I assume you had configured INLINE IPS but had not changed the rule actions from ALERT to DROP. Is that correct?
You may have learned this in your research, but the SID MGMT tab is an easy way to change the action for large numbers of rules very easily. There are some Sticky Posts at the top of this forum about using SID MGMT to manage your rules.
-
@bmeeks said in Suricata 4.1.5_2 on pfsense 2.5.0-DEVELOPMENT (amd64) not blocking torrents:
SID MGMT
Thanks for your help. Okay I'll try to check the SID MGMT.
Thank you very much.
-
Even though the title for this Sticky Post says it is for Snort, the concepts and most of the screenshots are applicable to Suricata. There are some examples in there of using SID MGMT. Also, if you are using the Snort Subscriber Rules in your configuration, you could opt to enable an IPS Policy (IPS-Connectivity is a good starter policy).
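-
The ALERT to DROP change discussed in this thread, shown on the rule text itself. This is an added example, not part of any post above and not the pfSense package's code. The sample rules, their SIDs and the `to_drop` helper are constructed for illustration.

```python
import re

# Constructed sample rules (not from a real ruleset); SIDs are placeholders.
SAMPLE_RULES = """\
alert udp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE P2P BitTorrent DHT request"; classtype:policy-violation; sid:1000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE P2P BitTorrent peer sync"; classtype:policy-violation; sid:1000002; rev:1;)
# alert tcp any any -> any any (msg:"EXAMPLE P2P disabled rule"; sid:1000003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE INFO generic user agent"; classtype:misc-activity; sid:1000004; rev:1;)
"""

# An enabled rule: action keyword, header, then options in parentheses with a sid.
RULE_RE = re.compile(
    r'^(?P<action>\w+)(?P<rest>\s+.*\(.*\bsid\s*:\s*(?P<sid>\d+)\s*;.*\)\s*)$'
)
MSG_RE = re.compile(r'msg\s*:\s*"([^"]*)"')


def to_drop(rules_text, msg_pattern=None, sids=()):
    """Rewrite alert -> drop for enabled rules selected by SID or by msg regex.

    Returns (new_rules_text, list_of_changed_sids).
    """
    selector = re.compile(msg_pattern, re.I) if msg_pattern else None
    wanted = {int(s) for s in sids}
    out, changed = [], []
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        # Disabled rules start with '#', so they never match and stay untouched.
        if m and m.group("action") == "alert":
            sid = int(m.group("sid"))
            msg = MSG_RE.search(line)
            by_msg = bool(selector and msg and selector.search(msg.group(1)))
            if sid in wanted or by_msg:
                line = "drop" + m.group("rest")
                changed.append(sid)
        out.append(line)
    return "\n".join(out) + "\n", changed


if __name__ == "__main__":
    new_rules, changed = to_drop(SAMPLE_RULES, msg_pattern=r"\bP2P\b")
    print("changed SIDs:", changed)
    print(new_rules, end="")
```

With Inline IPS, only the rules whose action now reads `drop` block traffic; the unselected rule keeps alerting. The SID MGMT tab mentioned above applies this kind of selection from within the package.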