Netgate Discussion Forum

    Suricata block

    • calitzin

      Good afternoon
      Does anyone know if Suricata can block malicious behavior instead of blocking the IP?

      • Gertjan

        Hi,

        Like cutting out bad content in IP packets?
        No way.

        No "help me" PMs please. Use the forum, the community will thank you.
        Edit: and where are the logs??

        • bmeeks

          Yes, Suricata can drop packets within a session using its Inline IPS Mode. However, this mode uses the netmap OS driver and that requires your network interface card (NIC) be one of the supported driver families. Inline IPS Mode does not block a host IP address in the same way the Legacy Blocking mode does. Instead, it uses a netmap pipe between the NIC driver and the kernel OS stack and selectively drops packets that match Suricata rules.

          There is a new Snort package available for pfSense-2.5-DEVEL that also implements the same Inline IPS Mode of operation (and with the same netmap driver limitations). The new Snort package allows you to leverage OpenAppID to detect Layer 7 applications and drop those packets.

          Details on both packages can be found in the IDS/IPS sub-forum here: https://forum.netgate.com/category/53/ids-ips.

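The difference between the two modes described in the last reply, as an added example that is not part of the thread and is not Suricata or pfSense code: a simplified Python model that runs the same constructed traffic through a host-blocking policy and a per-packet drop policy. The `Packet` type, the `SIGNATURES` marker, the addresses and the function names are all hypothetical, and the model assumes Legacy Mode inspects a copy of the traffic, so the packet that triggers the block has already been forwarded.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    payload: bytes


# Constructed stand-in for a rule: a byte pattern that marks a packet as a match.
SIGNATURES = [b"X-Constructed-Bad-Marker"]


def matches(pkt):
    return any(sig in pkt.payload for sig in SIGNATURES)


def legacy_blocking(packets):
    """Host-based blocking: a match puts the source IP on a block list."""
    blocked, verdicts = set(), []
    for pkt in packets:
        if pkt.src in blocked:
            verdicts.append("drop")  # everything from a blocked host is dropped
            continue
        # Assumption: the engine sees a copy, so this packet is already forwarded.
        verdicts.append("pass")
        if matches(pkt):
            blocked.add(pkt.src)
    return verdicts


def inline_ips(packets):
    """Per-packet verdict: only packets that match a rule are dropped."""
    return ["drop" if matches(pkt) else "pass" for pkt in packets]


# Constructed sample traffic using documentation address ranges.
TRAFFIC = [
    Packet("198.51.100.7", b"GET /index.html"),
    Packet("198.51.100.7", b"GET /x X-Constructed-Bad-Marker"),
    Packet("198.51.100.7", b"GET /about.html"),
    Packet("203.0.113.9", b"GET /index.html"),
]

if __name__ == "__main__":
    for pkt, leg, inl in zip(TRAFFIC, legacy_blocking(TRAFFIC), inline_ips(TRAFFIC)):
        print(f"{pkt.src:15} {pkt.payload!r:36} legacy={leg:5} inline={inl}")
```

In this model the host-blocking policy forwards the matching packet and then drops the same host's later benign request, while the per-packet policy drops only the matching packet.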