Adding custom IDS rules to OPNsense

Building the web service

  • Install a web server
    • Assume the web root is /var/www/opnsense
    • Create the directory /var/www/opnsense/suricata
  • Prepare the ruleset at /var/www/opnsense/suricata/custom.rules
# This rule drops all tcp traffic on User Ports from the internet to your local network
drop tcp $EXTERNAL_NET any -> $HOME_NET [1024:65535] (msg:"Block User Ports"; classtype:bad-unknown; sid:9900001; rev:1;)

Adding the metadata

  • On OPNsense, add the file /usr/local/opnsense/scripts/suricata/metadata/rules/custom.xml
<?xml version="1.0"?>
<ruleset documentation_url="http://docs.opnsense.org/">
    <!-- base URL of the web server prepared above; the file names below are appended to it -->
    <location url="https://www.mydomain.com/suricata/" prefix="Custom"/>
    <files>
        <!-- plain rules file, fetched as <location url> + file name; the name must match the
             file served by the web server exactly (case-sensitive), i.e. custom.rules -->
        <file description="custom rules">custom.rules</file>
        <!-- the inline:: form names a path inside a downloaded archive; it is only needed when
             the download is a tarball rather than a plain .rules file -->
        <file description="Custom" url="inline::rules/custom.rules">custom.rules</file>
    </files>
</ruleset>
  • Select the Custom ruleset in the OPNsense web UI
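As an added example (not part of the original post or of OPNsense itself), the following Python script checks the two pieces built above before OPNsense is pointed at them: it parses custom.rules, verifies that every rule carries msg, sid and rev, that sids are unique and in the range conventionally reserved for local rules (1000000 and up, an assumption stated in the code), and parses custom.xml to compute the URLs OPNsense will fetch and to confirm the file names match what the web server actually serves (case-sensitive). The sample rules file and metadata are constructed from the post; the URL assembly (location url plus file name) mirrors the metadata layout shown above.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

# Constructed sample input: the rules file from the post.
CUSTOM_RULES = (
    '# This rule drops all tcp traffic on User Ports from the internet to your local network\n'
    'drop tcp $EXTERNAL_NET any -> $HOME_NET [1024:65535] '
    '(msg:"Block User Ports"; classtype:bad-unknown; sid:9900001; rev:1;)\n'
)

# Constructed sample input: the metadata file, with the file name matching the served file.
CUSTOM_XML = """<?xml version="1.0"?>
<ruleset documentation_url="http://docs.opnsense.org/">
    <location url="https://www.mydomain.com/suricata/" prefix="Custom"/>
    <files>
        <file description="custom rules">custom.rules</file>
    </files>
</ruleset>
"""

# Rule header: action proto src sport dir dst dport (options).
# Assumption: port lists contain no spaces, e.g. [1024:65535] rather than [80, 443].
RULE_RE = re.compile(
    r'^(?P<action>alert|drop|pass|reject|rejectsrc|rejectdst|rejectboth)\s+'
    r'(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+'
    r'(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$'
)

LOCAL_SID_MIN = 1000000  # assumption: conventional start of the local-use sid range


def split_options(opts):
    """Split 'k:v; k2; ...' on semicolons that are outside double quotes (escaped quotes ignored)."""
    parts, buf, quoted = [], [], False
    for ch in opts:
        if ch == '"':
            quoted = not quoted
        if ch == ';' and not quoted:
            parts.append(''.join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append(''.join(buf).strip())
    return [p for p in parts if p]


def parse_rules(text):
    """Parse a Suricata rules file into dicts; comments and blank lines are skipped."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f'line {lineno}: not a recognised rule header')
        opts = {}
        for opt in split_options(m.group('opts')):
            key, _, val = opt.partition(':')
            opts[key.strip()] = val.strip().strip('"')
        rules.append({'line': lineno, 'action': m.group('action'),
                      'proto': m.group('proto'), 'opts': opts})
    return rules


def check_rules(rules, min_sid=LOCAL_SID_MIN):
    """Return a list of problems: missing msg/sid/rev, non-numeric, out-of-range or duplicate sids."""
    problems, seen = [], {}
    for r in rules:
        o = r['opts']
        for key in ('msg', 'sid', 'rev'):
            if key not in o:
                problems.append(f"line {r['line']}: missing {key}")
        sid = o.get('sid')
        if sid is None:
            continue
        if not sid.isdigit():
            problems.append(f"line {r['line']}: sid '{sid}' is not numeric")
            continue
        sid = int(sid)
        if sid < min_sid:
            problems.append(f"line {r['line']}: sid {sid} below local range ({min_sid}+)")
        if sid in seen:
            problems.append(f"line {r['line']}: duplicate sid {sid} (first on line {seen[sid]})")
        else:
            seen[sid] = r['line']
    return problems


def expected_urls(xml_text):
    """URLs OPNsense will download: <location url> joined with each <file> name."""
    root = ET.fromstring(xml_text)
    base = root.find('location').get('url')
    return [urljoin(base, f.text.strip()) for f in root.find('files').findall('file')]


def check_metadata(xml_text, served_filenames):
    """Report <file> names that the web server does not serve (case-sensitive comparison)."""
    root = ET.fromstring(xml_text)
    return [f"metadata names '{f.text.strip()}' but the server serves {sorted(served_filenames)}"
            for f in root.find('files').findall('file')
            if f.text.strip() not in served_filenames]


if __name__ == '__main__':
    rules = parse_rules(CUSTOM_RULES)
    print(check_rules(rules) or 'rules OK')
    print(expected_urls(CUSTOM_XML))
    print(check_metadata(CUSTOM_XML, {'custom.rules'}) or 'metadata OK')
```

Run it against the real files before enabling the ruleset; a failing name check is the case mismatch that would otherwise show up only as a failed download in the OPNsense rule update log.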

Other relevant paths

  • /usr/local/etc/suricata
