NethServer Version: 7.8
Module: Suricata and Threat Shields
I’m trying to protect the internal LAN as much as possible…
I’m running Squid and it’s doing a fairly decent job. However, I would also like to implement Suricata and Threat Shields. But when I enable all lists, it ruins the LAN access to the internet and even access to the Pilot (internal IP).
Is there a how-to or something similar on which lists to enable for both Suricata and Threat Shields?
See the FireHOL blocklist documentation for choosing the right lists to enable.
I just use a basic set: Blocklist de, Dshield, Feodo, Spamhaus drop, Spamhaus edrop, Iblocklist abuse palevo, Sslbl, Zeus badips.
As regards Suricata, see the documentation to learn about the different rule categories.
I block the following IPS rule categories, the others are set to alert:
To output your blocked categories just enter
config show suricata
in a terminal.
Huge Thanks Markus!
Will try to implement the recommendations tomorrow.
Will let you know how it goes!
Had the chance to implement as per your tips. It’s working and I feel grateful for your help!
I will be refining as much as possible as things/my understanding progresses.