From: Stefan Schantl
To: development@lists.ipfire.org
Subject: DRAFT: Suricata services
Date: Sun, 24 Jul 2022 15:26:57 +0200
Message-ID: <5fb81b37a74f63fc498e98cba31afcfaaff7288b.camel@ipfire.org>

Hello list followers,

after some reports on our community portal about a flooded IDS log in case the tor addon is installed and activated, I tried to solve this issue.

(https://community.ipfire.org/t/tor-and-ips-conflict-suricata-rulset-where-does-it-come-from/)

The desired solution would be to load additional suricata rules to silence the noisy rules when tor is used.

This worked pretty well, so I extended the code to be more general, so that such rules for any kind of service can be written and loaded.

I collected all the changes on my personal git repository:

https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=shortlog;h=refs/heads/suricata-services

For easy testing I created a test tarball, which can be found here:

https://people.ipfire.org/~stevee/ids-services/

As usual, a README file gives deeper information and guides through the installation process.

Please share your opinions about this approach, and in case you are testing, please provide your feedback here.

A big thanks in advance,

-Stefan