[SOLVED] Which IP to Block? Both! but does it work?
-
I am not sure if it is working as intended.
Why doesn't the destination IP get blocked?
-
Which one do you intend?
The "Suricata SMTP invalid reply" is probably set as alert only.
The "Suricata STREAM ESTABLISHED SYNACK": long story short, because 192.168.1.11 is in a whitelist. When Suricata starts, it will automatically create a whitelist with the network of your interfaces.
-
@kiokoman But alerts should result in blocks (185.234.217.194) I thought.
-
There is a potential fix for this already submitted and it should show up as a new package version sometime during the day on Monday, September 30th. I asked the pfSense developers to merge the change to RELEASE on September 30th. The change has already been made to the Suricata 4.1.5 package available over in the pfSense-2.5-DEVEL snapshots.
You can follow the pull request status here: https://github.com/pfsense/FreeBSD-ports/pull/679.
-
@bmeeks Thanks. Next time I will look there first.
-
@Bob-Dig said in [SOLVED] Which IP to Block? Both! but does it work?:
@bmeeks Thanks. Next time I will look there first.
I did not mean to imply not to ask questions here. Your query is welcomed. I simply posted the link so you could follow the status if you were interested. The formal bug reporting site is the pfSense Redmine site here: https://redmine.pfsense.org. You can register an account and report bugs and track their resolution there. You can also post here on the forum and ask about an issue.