Basic questions on how Suricata operates
-
First question, is Suricata in pfSense (inline mode) able to drop (or instruct PF to do it) a connection instead of blocking an IP?
Second question, is Suricata in pfSense (inline mode) able to block destination (WAN) IP:port while it listens on LAN interface? -
First question, is Suricata in pfSense (inline mode) able to drop (or instruct PF to do it) a connection instead of blocking an IP?
Second question, is Suricata in pfSense (inline mode) able to block destination (WAN) IP:port while it listens on LAN interface?Go read this post to answer question #1: https://forum.pfsense.org/index.php?topic=135331.0.
The answer to question #2 is "no, it can't do that". Why would you want to do that anyway?
Bill