pfsense:suricata:pass_lists

Differences

This shows you the differences between two versions of the page.

pfsense:suricata:pass_lists [2020/03/01 19:49] – created peterpfsense:suricata:pass_lists [2020/07/15 09:30] (current) – external edit 127.0.0.1
Line 2: Line 2:
  
 <WRAP alert> <WRAP alert>
-IMPORTANT:  Passlists should not be used.+**IMPORTANT:**  Passlists should **NOT** be used.
  
 Realistically, about the only time that you should require a Passlist is if you are running a honeypot host and you actually want bad stuff to find its way to that host. Realistically, about the only time that you should require a Passlist is if you are running a honeypot host and you actually want bad stuff to find its way to that host.
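
Review bot: the added alert line states that Passlists should **NOT** be used with no qualification, while the very next sentence of the same alert allows one case (a honeypot host). Consider folding the exception into the emphasised line, for example "Passlists should NOT be used unless you are running a honeypot host", so the bold text is not read in isolation as an absolute rule. The alert would also be more useful if it said in one clause what goes wrong when a host is placed on a Passlist, since the bold formatting adds emphasis but no reason.
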
Line 17: Line 17:
 ===== Setup a Passlist ===== ===== Setup a Passlist =====
  
-<code> +==== Setup an Alias for Custom IP Addresses ====
-Services > Suricata > Pass Lists +
-</code>+
  
-Click **Add** 
  
-Change the **Name** as required.+Navigate to **Firewall -> Alias -> IP**
  
-Enter the **Description**.+  * Click **Add** 
 +  * Change the **Name** as required. 
 +  * Enter the **Description**
 +  * Add in Hosts as needed.
  
-Ensure that all items under the **Auto-Generated IP Addresses** are ticked.+----
  
-Select an existing Alias within the Assigned Alias.  Recommendation is that an Alias has already been created under **Firewall > Aliass**.+==== Setup the Passlist ====
  
 +Navigate to **Services > Suricata > Pass Lists**.
  
 +  * Click **Add**
 +  * Change the **Name** as required.
 +  * Enter the **Description**.
 +  * Ensure that all items under the **Auto-Generated IP Addresses** are ticked.
 +  * Select an existing Alias within the Assigned Alias.
 +
 +----
 +
 +==== Enable use of this Passlist ====
 +
 +Navigate to **Services -> Suricata -> Interfaces**.
 +
 +  * Against the Interface to apply this Passlist to, such as WAN, click on the **Edit** option under **Actions**.
 +  * Within the "Networks Suricata Should Inspect and Protect" section, select the Passlist instead of the Default.
 +    * Home Net
 +    * External net
 +
 +----
 +
 +==== Restart ====
 +
 +Navigate to **Services -> Suricata -> Interfaces**.
 +
 +  * Against the Interface to apply this Passlist to, such as WAN, click on the **Restart** option under **Suricata Status**.
 +
 +----
  
 ====== References ====== ====== References ======
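
Review bot: in the added "Enable use of this Passlist" step, the sub-bullets "Home Net" and "External net" sit under "select the Passlist instead of the Default" with no indication of whether both settings are to be changed or only one, and the step does not say what replacing the Default changes for each. Given that the alert at the top of the page says Passlists should not be used, this step should spell out exactly which setting to change and to what. Smaller points in the same hunk: menu paths mix "->" ("Firewall -> Alias -> IP", "Services -> Suricata -> Interfaces") with ">" ("Services > Suricata > Pass Lists"); "External net" is capitalised differently from "Home Net"; the bullets end inconsistently with and without a full stop; and the Restart bullet repeats "Against the Interface to apply this Passlist to", where "the Interface the Passlist was applied to" would read better.
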
pfsense/suricata/pass_lists.1583092171.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
