[Oisf-users] Suricata: Block as a default action

Aline Shir alineshir0 at gmail.com
Mon Jan 20 10:25:58 UTC 2014


Hi guys,

I've been reading a bit about Suricata and doing some tests. I've read that
Suricata can be configured to work inline (as an IPS). I've noticed also
that in order to block an attack, one must change the corresponding action
in the rule and set it to 'drop' or 'reject'.

My question is: is there a way to set a default block action, making
Suricata block every query that triggers a rule? Or do I have to replace every
"alert" pattern by a "drop/reject" in every rule?

Thanks a lot.

Aline
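The per-rule replacement the post mentions (turning an "alert" action into "drop" or "reject" in each rule before loading the rule set inline) can be scripted so it is done consistently and can be limited to chosen sids. The following is an added example, not code from the post or from the Suricata project; it assumes the standard rule layout in which the action keyword is the first token of each non-comment line, and it uses a constructed sample rule set so it runs offline.

```python
"""Rewrite the action keyword of Suricata rules from 'alert' to 'drop'.

Added example (not from the mailing-list post or the Suricata project).
Assumes the standard rule layout: the action is the first token of each
non-comment line. Comments, blank lines and rules whose action is not
'alert' (pass, drop, reject) are left untouched.
"""
import re

# 'alert' at the start of a rule line, keeping the surrounding whitespace.
ACTION_RE = re.compile(r'^(\s*)alert(\s+)')
# The rule's sid, used when conversion is restricted to a chosen set.
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')


def convert_rule(line, target="drop", only_sids=None):
    """Return the rule line with its 'alert' action replaced by target.

    only_sids: optional set of sids to convert; other rules come back unchanged.
    Comment lines and lines whose action is not 'alert' are returned as-is.
    """
    stripped = line.lstrip()
    if not stripped or stripped.startswith("#"):
        return line
    if only_sids is not None:
        m = SID_RE.search(line)
        if m is None or int(m.group(1)) not in only_sids:
            return line
    return ACTION_RE.sub(r'\g<1>' + target + r'\g<2>', line, count=1)


def convert_rules(text, target="drop", only_sids=None):
    """Convert a whole rules file given as text.

    Returns (new_text, number_of_rules_changed).
    """
    out = []
    changed = 0
    for line in text.splitlines():
        new = convert_rule(line, target, only_sids)
        if new != line:
            changed += 1
        out.append(new)
    trailer = "\n" if text.endswith("\n") else ""
    return "\n".join(out) + trailer, changed


# Constructed sample rule set for this example; not real signatures.
SAMPLE_RULES = """# constructed sample rules
alert tcp any any -> $HOME_NET 22 (msg:"EXAMPLE ssh probe"; flow:to_server; sid:9000001; rev:1;)
alert http any any -> $HOME_NET any (msg:"EXAMPLE http probe"; sid:9000002; rev:1;)
pass ip $DNS_SERVERS any -> any any (msg:"EXAMPLE allow resolvers"; sid:9000003; rev:1;)
drop tcp any any -> $HOME_NET 23 (msg:"EXAMPLE telnet"; sid:9000004; rev:1;)
"""

if __name__ == "__main__":
    new_text, n = convert_rules(SAMPLE_RULES)
    print(f"{n} rule(s) converted")
    print(new_text)
```

Restricting the conversion with `only_sids` is the safer way to go inline: rules known to be noisy can stay at "alert" while the ones that should actually block are switched to "drop" or "reject".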