Suricata behaviour after a fresh install
-
Hello guys,
I am very new to this and just found out about Suricata. It's the first time I've used pfSense, so please don't be too hard on me. Thank you!
I've put my VPS behind a pfSense server, as recently I received lots of DDoS attacks. (I even know who is doing it, but that's another story, a police story.)
The basic setup is done; the server is now working behind this machine with pfSense installed on it. The basic ports are open.
But I want to add more protection, so I found out about this Suricata thing, which I have never used in my life (actually, I had never used pfSense in my life either).
So, my simple question is what happens after installing Suricata on this PFsense machine? Will it do anything automatically?
Will it require a reboot of the PFsense server?
Will it automatically block all the traffic or something?
Will this have any major impact after freshly installing it?! I would love to hear NO as an answer to all my questions. I would like to do the setup first and then enable it after finishing the setup. :)
Thank you!
-
@valir "No"...you need to configure it, enable rulesets, etc. There is a wizard that runs when adding an interface (suggest adding LAN, as WAN will look at packets that will end up being blocked by the firewall). There is a choice to block or not...suggest not blocking for a while and watching the Alerts tab to see what will be blocked. Also, it may be best to start in the default Legacy mode as there are a variety of small issues with Inline mode for instance depending on the NICs. You may want to add your IP to a Pass list so you're not blocked.
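The advice above is to run in alert-only mode first and watch what would have been blocked. As an added example (not code from the thread, pfSense or Suricata), here is a small offline triage script for alerts in Suricata's fast.log format, which you can export from the Alerts tab or copy off the box. The log lines, SIDs (in the 1000000+ local range), pass list and addresses are all constructed for the example. It assumes that Legacy-mode blocking would block both the source and destination address of each alert (the "both" setting) and that anything in the pass list is never blocked; check those assumptions against your own settings.

```python
"""Offline triage of Suricata fast.log alerts before enabling blocking.

Added example, not pfSense or Suricata code. Assumptions (not from the
original thread): alerts are in Suricata's fast.log format, blocking mode
would block both the source and destination of an alert, and pass-listed
networks are never blocked.
"""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Header of a fast.log line: timestamp [**] [gid:sid:rev] message [**] rest
HEAD_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?P<rest>.*)$"
)
CLASS_RE = re.compile(r"\[Classification:\s*(?P<cls>[^\]]*)\]")   # optional
PRIO_RE = re.compile(r"\[Priority:\s*(?P<prio>\d+)\]")
FLOW_RE = re.compile(r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$")


def parse_fast_log_line(line):
    """Return a dict for one alert line, or None if the line is not an alert."""
    m = HEAD_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    prio = PRIO_RE.search(rest)
    flow = FLOW_RE.search(rest)
    if not prio or not flow:
        return None
    cls = CLASS_RE.search(rest)
    # rsplit on the last colon keeps IPv6 addresses (which contain colons) intact
    src_ip, src_port = flow.group("src").rsplit(":", 1)
    dst_ip, dst_port = flow.group("dst").rsplit(":", 1)
    return {
        "ts": m.group("ts"),
        "sid": int(m.group("sid")),
        "rev": int(m.group("rev")),
        "msg": m.group("msg"),
        "classification": cls.group("cls") if cls else "",
        "priority": int(prio.group("prio")),
        "proto": flow.group("proto"),
        "src": src_ip, "sport": int(src_port),
        "dst": dst_ip, "dport": int(dst_port),
    }


def parse_fast_log(text):
    """Parse a whole fast.log, silently skipping non-alert lines."""
    return [a for a in (parse_fast_log_line(l) for l in text.splitlines()) if a]


def in_pass_list(ip, pass_list):
    """True if ip falls inside any network of the (assumed) pass list."""
    addr = ip_address(ip)
    return any(addr in ip_network(net, strict=False) for net in pass_list)


def summarize(alerts, pass_list):
    """Count alerts per signature and source, and predict what blocking would do."""
    by_sig = Counter((a["sid"], a["msg"]) for a in alerts)
    by_src = Counter(a["src"] for a in alerts)
    would_block, spared = set(), set()
    for a in alerts:
        for ip in (a["src"], a["dst"]):            # assumed "block both" behaviour
            (spared if in_pass_list(ip, pass_list) else would_block).add(ip)
    return {
        "by_signature": by_sig,
        "by_source": by_src,
        "would_block": sorted(would_block),
        "spared_by_pass_list": sorted(spared),
    }


# Constructed sample log: documentation IP ranges, local-range SIDs, made-up messages.
SAMPLE_FAST_LOG = """\
02/14/2024-10:23:45.123456  [**] [1:1000001:1] CONSTRUCTED inbound scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.5:51234 -> 192.0.2.10:22
02/14/2024-10:23:46.000000  [**] [1:1000001:1] CONSTRUCTED inbound scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.5:51235 -> 192.0.2.10:80
02/14/2024-10:24:01.500000  [**] [1:1000002:2] CONSTRUCTED admin tool fingerprint [**] [Classification: Misc activity] [Priority: 3] {TCP} 198.51.100.7:40000 -> 192.0.2.10:443
02/14/2024-10:25:12.250000  [**] [1:1000003:1] CONSTRUCTED DNS anomaly [**] [Priority: 3] {UDP} 192.0.2.10:53210 -> 203.0.113.53:53
this line is not an alert and must be ignored
"""
# Constructed pass list: the admin's own IP and the protected VPS itself.
PASS_LIST = ["198.51.100.7/32", "192.0.2.10/32"]

if __name__ == "__main__":
    report = summarize(parse_fast_log(SAMPLE_FAST_LOG), PASS_LIST)
    for (sid, msg), n in report["by_signature"].most_common():
        print(f"{n:4d}  sid {sid}  {msg}")
    print("would block:", report["would_block"])
    print("spared by pass list:", report["spared_by_pass_list"])
```

In the constructed sample the admin's address triggers a low-priority alert; without the pass list it would have been blocked alongside the real scanner, which is exactly the lockout the reply warns about. Run it over a day of real alerts and anything in `would_block` that you recognise as legitimate belongs in the pass list or a suppress list before you turn blocking on.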