Netgate Discussion Forum
    Suricata HOME_NET - unable to uncheck Locally-Attached Networks

    IDS/IPS

      tipiewot

      Hi all,
      I'd like to fill strict addresses and nets in the $HOME_NET variable for my LAN interface, excluding other "firewall Locally-Attached Networks".
      In other words: I have a LAN interface and many other DMZ interfaces, and I would like to exclude the DMZ networks from my LAN's HOME_NET variable.
      So I did as always:

      • pfSense alias including desired nets only
      • Suricata pass list pointing to this alias, and of course unchecking "Local Networks / Add firewall Locally-Attached Networks to the list (excluding WAN)"
      • select the pass list for my interface HOME_NET
      • validate everything

      and… >:(
      The DMZ nets still appear in the list when I click "view list". :-
      Is there anything I misunderstood? ???
      Any help would be greatly appreciated! :)
      Thanks
      Pierre
        tipiewot

        In other words: unchecking Local Networks from the pass list seems to have no effect. :(
        Could it be a cosmetic issue while clicking "View list"? (don't think so…)
        Also tried to overload the HOME_NET value in Advanced Configuration Pass-Through, but Advanced Configuration Pass-Through seems to be broken too (encoded while config is saved). :(

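Added example, not part of the original posts and not pfSense or Suricata package code: one way to tell a cosmetic "View list" problem from a real one is to compare the HOME_NET address group in the generated suricata.yaml with the networks the alias is supposed to contain. The YAML fragment, the network values and the function names are constructed for illustration; the thread does not give the path of the generated file, so the config text is passed in as a string.

```python
import ipaddress
import re

# Constructed sample of a generated suricata.yaml fragment (not from the thread).
SAMPLE_YAML = '''
vars:
  address-groups:
    HOME_NET: "[10.10.0.0/24,10.10.0.1,172.16.50.0/24,192.168.77.0/24,127.0.0.1]"
    EXTERNAL_NET: "!$HOME_NET"
'''

# Constructed stand-in for the alias that should define the LAN HOME_NET.
INTENDED = ["10.10.0.0/24", "127.0.0.1"]


def parse_home_net(yaml_text):
    """Return the networks in the HOME_NET address group (flat list assumed)."""
    m = re.search(r'^\s*HOME_NET:\s*"?\[(.*?)\]"?\s*$', yaml_text, re.M)
    if not m:
        raise ValueError("HOME_NET address group not found")
    nets = []
    for item in m.group(1).split(","):
        item = item.strip()
        if not item or item.startswith("!"):  # negated entries exclude, skip them
            continue
        nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def audit_home_net(yaml_text, intended):
    """Return (unexpected, missing) between effective HOME_NET and the intended list."""
    effective = parse_home_net(yaml_text)
    wanted = [ipaddress.ip_network(n, strict=False) for n in intended]
    # Entries Suricata will treat as "home" that no intended network covers.
    unexpected = [str(e) for e in effective
                  if not any(e.version == w.version and e.subnet_of(w) for w in wanted)]
    # Intended networks that the effective HOME_NET does not cover.
    missing = [str(w) for w in wanted
               if not any(w.version == e.version and w.subnet_of(e) for e in effective)]
    return unexpected, missing


if __name__ == "__main__":
    unexpected, missing = audit_home_net(SAMPLE_YAML, INTENDED)
    print("in HOME_NET but not in alias:", unexpected)
    print("in alias but not in HOME_NET:", missing)
```

An empty first list would mean the extra networks are shown only in the GUI; a non-empty one means they are really in the configuration the engine loads.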
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.