1- To run Suricata-IDS in IPS mode, the drop.conf file must be created under the /etc/suricata/ directory with the following contents:
2- To enable or disable specific rules, disable.conf files must be created under the /etc/suricata/ directory and the SID or name of the desired rule should be inserted in that file(s).
Do the above steps work in the current version of Suricata-IDS?
Did you try before asking?
Because of some Suricata-IDS problems, I can’t test them. I need to fix the current problems of Suricata-IDS first.
I think you should wait with creating another new topic then. It’s not useful to ask things w/o trying or w/o being able to try the suggestions you may receive.
Thank you for your advice.
But you are a member of the Suricata-IDS team, how do you not know?
What you describe is current with our documentation. So you should try first, if you hit an error, then describe the issue.