
    Suricata turn on/off blockoffenders through command line

      mcentirefj last edited by

      Hi all,

      I'm trying to set a cron job to turn off and on blocking at certain times of the day, but I can't for the life of me find a command to do this so that I can plug it into cron.

      Does anyone else already know of a way to do this?

        bmeeks last edited by

        There is no functionality included within the package to do this.  Why would you want to turn off the protection anyway?  If you are having issues with false positives, fix those instead of turning off all protection.

        Bill

          mcentirefj last edited by

          We haven't implemented the IPS in production yet. The thinking was in the beginning stages of implementation we would only block hosts during working hours so that we can handle any false positives/blocks while we are on the clock, and disable blocking so issues don't crop up when we've all gone home for the day. If it's not possible then we'll just have to deal with it I guess.

            BBcan177 Moderator last edited by

            Start to use the IDS in non-blocking mode for a couple weeks. This will give you time to fine-tune the rulesets according to the network characteristics.
