1. Home
  2. pfSense Packages
  3. IDS/IPS
  4. Suricata turn on/off blockoffenders through command line

Suricata turn on/off blockoffenders through command line

  • M

    Hi all,

    I'm trying to set a cron job to turn off and on blocking at certain times of the day, but I can't for the life of me find a command to do this so that I can plug it into cron.

    Does anyone else already know of a way to do this?

    0
  • bmeeks

    There is no functionality included within the package to do this.  Why would you want to turn off the protection anyway?  If you are having issues with false positives, fix those instead of turning off all protection.

    Bill

    0
  • M

    We haven't implemented the IPS in production yet. The thinking was in the beginning stages of implementation we would only block hosts during working hours so that we can handle any false positives/blocks while we are on the clock, and disable blocking so issues don't crop up when we've all gone home for the day. If it's not possible then we'll just have to deal with it I guess.

    0
  • BBcan177
    Moderator

    Start to use the IDS in non-blocking mode for a couple weeks. This will give you time to fine-tune the rulesets according to the network characteristics.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy