Netgate Discussion Forum

    Force-disable this rule and remove it from the current rule set

    • MilesDeep

      I keep having Team Viewer blocked on outbound connections.  Keeping up with the various IPs and ports used makes it a chore to keep using Team Viewer to remotely admin computers around our network.  It seems I'm clicking "add this alert to the suppress list" every day.

      What would "force-disable this rule and remove it from the current rule set" do?  Would this force Allow or force Deny everything meant for this rule?  And, if it does allow all, is that a bad idea?

      • bmeeks

        Do you mean for Snort or Suricata?  If so, the answer is "yes" to click the FORCE DISABLE RULE icon and disable the rule completely if you don't want it firing.

        Bill

        • MilesDeep

          Snort.  So to disable the rule means to force allow the traffic?

          • bmeeks

            @MilesDeep:

            Snort.  So to disable the rule means to force allow the traffic?

            That's one way of looking at it.  The actual effect is that the rule is removed from the list that traffic is evaluated against.  Since the rule is not evaluated against traffic, it can't "fire" and trigger an alert.  This is a per-interface setting, so if you run Snort (or Suricata) on multiple interfaces you can have a rule enabled on one and disabled on another.

            Bill
