I have a hardened VM on my network I use to access TOR. I’d like to allow all traffic in and out of the VM to pass through Suricata without anything being blocked.
I’m currently using Legacy Mode on this VLAN. I tried adding an alias with the internal host IP and adding that to a Pass List, but when I attempted to establish a TOR circuit, the rules still fired and blocked the traffic.
I’ve been looking around for an answer to this, but I haven’t found anything useful yet. Everything focuses on adding the external subnets and IP addresses to the passlist; that’s not what I want here.
Can anyone point me in the right direction here please?