Publish BGP routes from IPS
I currently use pfSense for my IDS which is out of band. I am not up to the point of replacing my router with pfSense.
However, I am trying to implement the IPS functionality, but in a bit of a different way...
On my router, I have an RTBH which works using BGP. Essentially, in order to block an address it would update its BGP route to a blackhole.
What I am trying to do is that when anything needs to be blocked by Suricata's system on pfSense, it should publish a BGP update instead of "blocking". Then I will have the router accept these updates from its new BGP neighbor - pfSense.
Any way to implement it?
bmeeks
No, that feature is not available. You would have to roll-your-own by creating your own custom Suricata output plugin module and compiling it into the Suricata binary.
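Added example, not part of the thread and not pfSense or Suricata package code: a different route from the compiled output plugin mentioned above, in which an external script reads Suricata's EVE JSON alert lines and prints the text commands that an ExaBGP process would announce to the router as RTBH routes. ExaBGP as the BGP speaker, the RFC 7999 BLACKHOLE community, the discard next-hops, the protected prefixes and the sample log lines are all assumptions made for illustration.

```python
import ipaddress
import json

# Assumptions, not from the thread: the router's RTBH policy matches the
# RFC 7999 BLACKHOLE community and null-routes these discard next-hops.
BLACKHOLE_COMMUNITY = "65535:666"
DISCARD_NEXT_HOP = {4: "192.0.2.1", 6: "100::1"}
# Constructed list of own prefixes that must never be blackholed.
PROTECTED = [ipaddress.ip_network(n)
             for n in ("10.0.0.0/8", "192.168.0.0/16", "198.51.100.0/24")]

# Constructed EVE JSON lines (Suricata writes one JSON object per line).
SAMPLE_EVE = [
    '{"event_type":"alert","src_ip":"203.0.113.7","dest_ip":"198.51.100.10","alert":{"severity":1}}',
    '{"event_type":"alert","src_ip":"203.0.113.7","dest_ip":"198.51.100.11","alert":{"severity":1}}',
    '{"event_type":"alert","src_ip":"198.51.100.10","dest_ip":"203.0.113.7","alert":{"severity":1}}',
    '{"event_type":"flow","src_ip":"203.0.113.9","dest_ip":"198.51.100.10"}',
    '{"event_type":"alert","src_ip":"203.0.113.50","dest_ip":"198.51.100.10","alert":{"severity":3}}',
    '{"event_type":"alert","src_ip":"2001:db8::bad","dest_ip":"2001:db8::1","alert":{"severity":2}}',
    '{"event_type":"alert","src_i',
]


def rtbh_commands(eve_lines, max_severity=2, protected=PROTECTED):
    """Return ExaBGP 'announce route' commands for alert source addresses."""
    commands, seen = [], set()
    for line in eve_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or partially written line
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue
        # Suricata severity 1 is the most serious; skip anything less urgent.
        if event.get("alert", {}).get("severity", 255) > max_severity:
            continue
        try:
            addr = ipaddress.ip_address(event.get("src_ip", ""))
        except ValueError:
            continue
        # Never announce a route twice, and never blackhole our own prefixes.
        if addr in seen or any(addr in net for net in protected):
            continue
        seen.add(addr)
        commands.append(f"announce route {addr}/{addr.max_prefixlen} "
                        f"next-hop {DISCARD_NEXT_HOP[addr.version]} "
                        f"community [{BLACKHOLE_COMMUNITY}]")
    return commands


if __name__ == "__main__":
    for command in rtbh_commands(SAMPLE_EVE):
        print(command, flush=True)  # ExaBGP reads commands from stdout
```

This sketch only announces routes; withdrawing them after a hold time, and filtering on the router so the new neighbor can only inject host routes carrying the blackhole community, are left to the deployment.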