I see a little bit of confusion in this post, let’s try to clear some points
- Latest nethserver-pulledpork doesn’t brake anything, it just uses new optimized rule format for Suricata 4.0
- When implementing an IPS/IDS on your network you must tune the configuration and block only relevant categories
- Rules are automatically updated overnight and could change their own behavior
We didn’t experimented any issue so far, this is our current production configuration for Suricata:
Yes, you can use
yum downgrade but it will have no effect on your problems.
We could find a way but it’s quite difficult at firewall level because you need to bypass also established connections.
If you want to add exceptions, the simplest way is to hack the Suricata rules.
The traffic between LAN hosts doesn’t flow through the gateway, therefore it can’t be affected.