I know Bill (bmeeks) hangs out in the web forums but since they're
offline, does anyone know if it is possible to allow an IP for Suricata when
it's in Inline mode? I see lots of examples like:
    pass ip 1.2.3.4 any <> any any (msg:"pass all traffic from/to 1.2.3.4"; sid:100000;)
...but I gather that is tied to the specific rule/sid?
The use case is it seems to be triggering on our Nagios monitoring of
our web servers and I'd like to just whitelist our office IPs rather than
trying to manage a bunch of rules.
(for those unaware, Pass Lists will be removed from Inline mode:
https://webcache.googleusercontent.com/search?q=cache:VUgCeE4j3yQJ:https://forum.pfsense.org/index.php%3Ftopic%3D135331.0+&cd=1&hl=en&ct=clnk&gl=us&client=firefox-b-1-ab
https://webcache.googleusercontent.com/search?q=cache:6eT7PljragcJ:https://forum.pfsense.org/index.php%3Ftopic%3D145257.0+&cd=4&hl=en&ct=clnk&gl=us&client=firefox-b-1
)
Thanks,
Steve Yates
ITS, Inc.