Is there a simple way to integrate fail2ban with Suricata?
For example, my host blocked some IPs and I wish to block those IPs on Suricata as well.
I was thinking of creating a new group like home_net to do this.
Is it possible to manage that?
In addition to what you see there, you’d need a rule like:
drop ip any any -> any any (hostbits:isset,blacklist,src; sid:1;)
This would drop any packet for a host that sits in the host table, with the ‘blacklist’ tag (bit). You can use the unix socket command to add (and remove) them.
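One way to wire the unix socket commands mentioned above into fail2ban, as an added example that is not part of the original posts: a small wrapper that validates its input and passes `add-hostbit` / `remove-hostbit` to `suricatasc`. The script path, the default expiry and the fail2ban action lines in the comments are assumptions.

```shell
#!/bin/sh
# Added example: wrapper a fail2ban action could call to set or clear the
# 'blacklist' hostbit through Suricata's unix socket (via suricatasc).
# Assumed fail2ban action lines (hypothetical install path):
#   actionban   = /usr/local/bin/suricata-hostbit.sh ban <ip> <bantime>
#   actionunban = /usr/local/bin/suricata-hostbit.sh unban <ip>

HOSTBIT="blacklist"     # must match the hostbit name used in the drop rule
DEFAULT_EXPIRE=3600     # seconds; assumed default when no ban time is passed

# Print the socket command for an action, or return 1 on bad input.
hostbit_cmd() {
    action=$1
    ip=$2
    expire=${3:-$DEFAULT_EXPIRE}
    # Accept only characters that can occur in an IPv4/IPv6 literal, so a
    # malformed value can never add extra words to the socket command.
    case $ip in
        ''|*[!0-9A-Fa-f:.]*) return 1 ;;
    esac
    # Expiry must be a plain non-negative number of seconds.
    case $expire in
        ''|*[!0-9]*) return 1 ;;
    esac
    case $action in
        ban)   printf 'add-hostbit %s %s %s\n' "$ip" "$HOSTBIT" "$expire" ;;
        unban) printf 'remove-hostbit %s %s\n' "$ip" "$HOSTBIT" ;;
        check) printf 'list-hostbit %s\n' "$ip" ;;
        *)     return 1 ;;
    esac
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
    cmd=$(hostbit_cmd "$@") || {
        echo "usage: $0 ban|unban|check IP [SECONDS]" >&2
        exit 2
    }
    suricatasc -c "$cmd"
fi
```

The drop rule only takes effect when Suricata runs inline (IPS mode). Hostbits are held in Suricata's in-memory host table, so bans set this way do not survive a Suricata restart.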