Suricata not blocking - in blocking mode
-
For some reason, and perhaps i am missing something here, i cant get suricata to block.
Below are my settings
I issued an namp on my LAN towards my DMZ hoping to see my IP blocked and i dont. namp scan succeeded.
The nmap scan i did: # nmap -sS -T4 -A 192.168.15.3
-
@michmoor:
So these are the alerts from the scan?If you are using Inline IPS Mode, then the rule is set to ALERT only according to the screenshot.
If using Legacy Blocking Mode, then most likely your LAN and DMZ are both in the default Pass List and won't be blocked. The default Pass List includes all locally-attached networks on the firewall (except the WAN).