I know Bill (bmeeks) hangs out in the web forums but since they're offline, does anyone know if it is possible to allow an IP for Suricata when it's in Inline mode? I see lots of examples like:

    pass ip 1.2.3.4 any <> any any (msg:"pass all traffic from/to 1.2.3.4"; sid:100000;)

...but I gather that is tied to the specific rule/sid? The use case is that it seems to be triggering on our Nagios monitoring of our web servers, and I'd like to just whitelist our office IPs rather than trying to manage a bunch of rules.

(For those unaware, Pass Lists will be removed from Inline mode:
https://webcache.googleusercontent.com/search?q=cache:VUgCeE4j3yQJ:https://forum.pfsense.org/index.php%3Ftopic%3D135331.0+&cd=1&hl=en&ct=clnk&gl=us&client=firefox-b-1-ab
https://webcache.googleusercontent.com/search?q=cache:6eT7PljragcJ:https://forum.pfsense.org/index.php%3Ftopic%3D145257.0+&cd=4&hl=en&ct=clnk&gl=us&client=firefox-b-1
)

Thanks,

Steve Yates
ITS, Inc.