[Oisf-users] Suricata not blocking bad traffic

[Andreas Herz]

On 08/07/18 at 21:58, gatodiablo at protonmail.com wrote:
> Alert I think. Do I need a different set of rules to run in IPS mode? I ideally want it to both alert and drop anything that matches a rule.

Yes you need to change the action keyword from 'alert' to 'drop' or it
won't be dropped/blocked. You will still get an "alert" message as well
which also mentiones the drop.

-- 
Andreas Herz