custom rules for port 20015

lizardsquad · June 10, 2025, 8:28pm

Hello,

I’m using chatgpt to configure custom rules for port 20015. It suggested this rule, but it doesn’t work. Can anyone help me?

drop tcp any any → any 20015 (msg:“BLOCK: TCP 20015 > 40/s”;
rate_filter: track by_src, count 1, seconds 1, new_action drop, timeout 60, expire 300;
sid:1102001; rev:1;)

clocks-00-nix · June 24, 2025, 7:29pm

ChatGPT doesn’t seem to be aware of the correct Suricata rule syntax. You may want to try Claude instead: https://claude.ai/share/a3a03f84-2133-4f28-9a1b-3fb950b4190c

Andreas_Herz · July 17, 2025, 8:52pm

Please provide more context, like the version you use, how you run it, the config etc.

When you say it doesn’t work, does it not load, does it not drop, do you really run in IPS mode?