Why does suricata block trafic from LAN to green interface

Support
,
1

NethServer Version: 7.5.1804 final (subscr.)
Module: Surcata / IPS

When I enable the DOS category in IPS, it’s not possible to write to a share with excel. It’s possible to open the file, but when I try to save the file, it’s blocked:

image
image.png1073×252 20.2 KB

In this case 192.168.0.4 ist a LAN-PC and 192.168.0.230 is the green interface of my NS, so both in green zone.
The NS has 1 red and 1 green interface. Installed modules firewall, proxy, fail2ban, ufdbguard, etc.

@filippo_carletti shouldn’t IPS only control traffic an fw/red interface?

2

I can’t find it right now, but I asked that same question some time ago when I also had issues of internal clients being blocked at the green interface.

From memory, the answer I got was that it runs on all interfaces to stop/hinder the transmission of “bad things” that could have been introduced directly at the client.

Cheers.

2 Likes