4. Suricata block

Suricata block

  • C

    Good afternoon
    Will someone know if Suricata can block malicious behavior instead of blocking the IP?

    0

  • Hi,

    Like cutting out bad content in IP packets ?
    No way.

    0

  • Yes, Suricata can drop packets within a session using its Inline IPS Mode. However, this mode uses the netmap OS driver and that requires your network interface card (NIC) be one of the supported driver families. Inline IPS Mode does not block a host IP address in the same way the Legacy Blocking mode does. Instead, it uses a netmap pipe between the NIC driver and the kernel OS stack and selectively drops packets that match Suricata rules.

    There is a new Snort package available for pfSense-2.5-DEVEL that also implements the same Inline IPS Mode of operation (and with the same netmap driver limitations). The new Snort package allows you to leverage OpenAppID to detect Layer 7 applications and drop those packets.

    Details on both packages can be found in the IDS/IPS sub-forum here: https://forum.netgate.com/category/53/ids-ips.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy