Suricata Pass List Setup Questions/Issues

  • I am trying to set up a pass list for Suricata so my cloud-based POS system does not get blocked. I have the IP addresses, but it's hosted by CloudFlare. CloudFlare doesn't allow direct IP address access (see attached), so when I put the IPs into the alias section I get "Could not fetch the URL." When I use the FQDN, it works, but Suricata does not use FQDNs.

    - Is there any sort of workaround while still using IPs?
    - Or am I limited to going through alerts and blocks to filter out the rules that are blocking the POS system?

    ![Screen Shot 2017-12-26 at 1.03.29 PM.png](/public/imported_attachments/1/Screen Shot 2017-12-26 at 1.03.29 PM.png)

  • What type of alias are you using? Seems like you use URL (IPs).
    Try to add the IP to a host-type alias or use a network-type alias.
