Exclude/bypass device from suricata in IPS mode not working

suriblau · February 23, 2025, 1:53pm

Hi,
I would like to exclude a device from getting inspected.
I try to do this with a user defined setting that lets the device IP pass the CIDR of my LAN and ticked the bypass box.
However when in IPS mode – and only when in IPS mode – the device ‘complains’ and has network issues (it is actually my son that complains because it is his playstation and it`s lagging like crazy with IPS on).

Any idea how to troubleshoot?

Suricata version: latest built-in OPNsense 25.1.1
Interface: LAN
Pattern Matcher: Hyperscan
Hardware: Intel n100, 8GB RAM

Jeff_Lucovsky · February 23, 2025, 2:18pm

I suggest posting your query at the OPNsense forums: https://forum.opnsense.org/

Topic		Replies	Views
Suricata on pfSense blocking IPs on Pass List Help pfsense	16	7696	January 14, 2022
Query on IPS Mode Help	1	423	September 19, 2022
Raspberry Pi with Suricata in IPS Mode [Help] Help ips , suricata	3	1887	May 7, 2023
Config Question: Suricata as an IDS + source IP Blocking on VPS w/1 network interface Help	9	2189	February 14, 2022
Issues with IPS Mode Help ips	4	936	March 1, 2023

Exclude/bypass device from suricata in IPS mode not working

Related topics