Securing NS with Suricata and Threat Shields

NethServer Version: 7.8
Module: Suricata and Threat Shields

I’m trying to protect the internal LAN as much as possible…
I’m running Squid and it’s doing a fairly decent job. However, I would also like to implement Suricata and Threat Shields. But, when I enable all lists, it ruins the LAN access to the internet and even access to the Pilot (internal IP)

Is there a how-to or something similar to what lists to enable both for Suricata and Threat Shields?
Thanks

See the firehol blocklist documentation for choosing the right lists to enable.

I just use a basic set: Blocklist de, Dshield, Feodo, Spamhaus drop, Spamhaus edrop, Iblocklist abuse palevo, Sslbl, Zeus badips.

As regards Suricata, see the documentation to learn about the different rule categories.

I block the following IPS rule categories; the others are set to alert:

BlockCategories=ET-botcc.portgrouped,ET-botcc,ET-ciarmy,ET-compromised,ET-drop,ET-dshield,ET-emerging-activex,ET-emerging-attack_response,ET-emerging-exploit,ET-emerging-malware,ET-emerging-netbios

To output your blocked categories just enter

config show suricata

in a terminal.

1 Like
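A small check that goes with the answer above, added here as an example and not part of the original reply: it parses the kind of output `config show suricata` produces, lists how many categories are blocked, and flags any category that appears in both BlockCategories and AlertCategories (a category can only have one action). The sample configuration is constructed, and the exact "key=type / indented prop=value" layout is an assumption about the e-smith config format; run the real command to get your own values.

```shell
#!/bin/sh
# Constructed sample in the shape of `config show suricata` output (assumed layout).
# ET-drop is deliberately listed under both properties to show the overlap check.
SAMPLE_CONFIG='suricata=service
    AlertCategories=ET-emerging-policy,ET-emerging-scan,ET-drop
    BlockCategories=ET-botcc.portgrouped,ET-botcc,ET-ciarmy,ET-compromised,ET-drop,ET-dshield,ET-emerging-activex,ET-emerging-attack_response,ET-emerging-exploit,ET-emerging-malware,ET-emerging-netbios
    status=enabled'

# Config text to inspect; defaults to the constructed sample above.
: "${SURICATA_CONFIG:=$SAMPLE_CONFIG}"

# prop_value NAME: print the comma-separated value of property NAME, one category per line
prop_value() {
    printf '%s\n' "$SURICATA_CONFIG" \
        | sed -n "s/^[[:space:]]*$1=//p" \
        | tr ',' '\n' \
        | sed '/^$/d'
}

# count_prop NAME: number of categories listed in property NAME
count_prop() {
    prop_value "$1" | wc -l | tr -d ' '
}

# overlap: categories present in BOTH BlockCategories and AlertCategories
overlap() {
    {
        prop_value BlockCategories | sed 's/^/B /'
        prop_value AlertCategories | sed 's/^/A /'
    } | awk '$1 == "B" { b[$2] = 1 } $1 == "A" && ($2 in b) { print $2 }'
}

# Human-readable summary when run directly
report() {
    echo "blocked categories: $(count_prop BlockCategories)"
    echo "alerted categories: $(count_prop AlertCategories)"
    dup=$(overlap)
    if [ -n "$dup" ]; then
        echo "listed under both block and alert (fix one side):"
        printf '  %s\n' $dup
    else
        echo "no category is both blocked and alerted"
    fi
}

report
```

To inspect a live system instead of the sample, set `SURICATA_CONFIG="$(config show suricata)"` before running the script.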

Huge Thanks Markus!

Will try to implement the recommendations tomorrow.
Will let you know how it goes!

Again, thanks!

1 Like

Hi Markus,

Had the chance to implement as per your tips. It’s working and I feel grateful for your help!
I will be refining as much as possible as things/my understanding progresses
Thanks again

1 Like