Differences

This shows you the differences between two versions of the page.

--- pfsense:suricata:custom_rules [2020/03/01 21:51] – peter
+++ pfsense:suricata:custom_rules [2021/01/21 10:21] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== PFSense - Suricata - Custom Rules ======
-<WRAP warning>
-**WARNING:**  Every custom rules must have a unique SID!!!
-Make sure you pick a starting SID number that does not conflict with any existing SIDs from other enabled rules.
-Usually from 1000000.
-</WRAP>
-----
-To create custom passlist rules go to the RULES tab for the interface, choose CUSTOM RULES in the Category drop-down and then type in the rules you need.
-<code>
-Services > Suricata > Interfaces > INTERFACE > INTERFACE Rules > custom.rules
-</code>
-There are plenty of examples on the web.
-You can add restrictions by protocol, port and source or destination IP address.
-<WRAP important>
-WARNING:  Just really think about what your rule is allowing when creating it.
-</WRAP>
-<code>
-alert icmp any any -> any any (msg:"ICMP Packet found";sid:1000001;rev:1;classtype:icmp-event)
-pass ip 1.2.3.4 any <> any any (msg:"pass all traffic from/to 1.2.3.4"; sid:100000;)
-pass ip 192.168.1.22/32 80 <- any any (msg: "Pass List Entry - allow all traffic to/from 192.168.1.22/32"; sid:1000006;
-</code>
-----
-===== References =====
-https://www.cnblogs.com/lsgxeva/p/11392627.html
-http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node27.html