Is it possible to limit scanning on the WAN interface to a single port?
-
I have suricata set up to scan on the LAN (obviously), however i have one open port on the WAN (port forward for plex).
is it possible to have suricata ONLY scan that one port on the wan instead of the entire wan interface? this would be to limit all the noise that would otherwise be generated.
thanks!
-
@jc1976 AFAIK know, no, but you can limit categories scanned on WAN. You probably don't need it scanning on both interfaces though?
-
re: scanning on both interfaces...
well, i suppose if i can limit it then the firewall on the windows box that it's port-forwarding to would take care of it.. but in a perfect world i would prefer to have suricata scanning the one port on my wan that i have open.
i've thought about putting that box on it's own vlan, i believe i can do that. i'm just not advanced/savvy enough to where i can whittle it all down to what's needed and what isn't