Question about port-groups and vpn configuration

Hello!

New suricata user here! Having a fun time configuring suricata on my workstation. Learning a whole bunch!

I am running a VPN and have a question about the configuration. Unfortunately I'm not too experienced in networking and am in need of some help.

What are the ports under port-groups? Are these the selected ports that are being included in monitoring?

Thanks

The values in the port-groups section are “variables”. The variables are substituted as rules are parsed and loaded. If a rule doesn’t refer to them, then they’re not used.

Here’s an example rule snippet that refers to 3 DNP rule variables:

alert tcp $DNP3_SERVER $DNP3_PORTS -> $DNP3_CLIENT any ( .... ) 
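To make the substitution step concrete, here is an added example (my own illustration, not Suricata's loader and not code from this thread). It takes a constructed vars: fragment in the shape of suricata.yaml, expands $VARIABLE references into rule headers, and reports which defined variables no rule ever reaches. The YAML parser is deliberately minimal and only understands the flat NAME: "value" layout used in the fragment; the check that address-group names only appear in address slots and port-group names only in port slots is this example's own sanity check, as is the rejection of undefined or circular variables.

```python
"""Toy model of how vars (address-groups / port-groups) get substituted
into Suricata-style rules when a rule set is loaded.  Added example only."""
import re

# Constructed suricata.yaml fragment: sample values, not a real deployment.
SURICATA_YAML = """\
vars:
  address-groups:
    HOME_NET: "[192.168.0.0/16,10.0.0.0/8]"
    EXTERNAL_NET: "!$HOME_NET"
    DNP3_SERVER: "$HOME_NET"
    DNP3_CLIENT: "$HOME_NET"
  port-groups:
    HTTP_PORTS: "80"
    DNP3_PORTS: "20000"
    SSH_PORTS: "22"
"""

# Constructed rules in the same shape as the snippet in the reply above.
RULES = [
    'alert tcp $DNP3_SERVER $DNP3_PORTS -> $DNP3_CLIENT any (msg:"DNP3 reply"; sid:1000001; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET $SSH_PORTS (msg:"inbound SSH"; sid:1000002; rev:1;)',
]

_GROUP_LINE = re.compile(r'^\s+(address-groups|port-groups):\s*$')
_VAR_LINE = re.compile(r'^\s+([A-Z][A-Z0-9_]*):\s*"?([^"]*?)"?\s*$')
_VAR_REF = re.compile(r'\$([A-Z][A-Z0-9_]*)')
_HEADER = re.compile(
    r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$')


def parse_vars(yaml_text):
    """Return {NAME: (group, raw_value)} for the vars: section.
    Only the flat 'NAME: "value"' layout above is understood (assumption)."""
    group, out = None, {}
    for line in yaml_text.splitlines():
        m = _GROUP_LINE.match(line)
        if m:
            group = m.group(1)
            continue
        m = _VAR_LINE.match(line)
        if m and group:
            out[m.group(1)] = (group, m.group(2))
    return out


def resolve(name, variables, _seen=()):
    """Expand one variable, following references such as "!$HOME_NET"."""
    if name in _seen:
        raise ValueError(f"circular variable definition: ${name}")
    if name not in variables:
        raise ValueError(f"undefined variable: ${name}")
    value = variables[name][1]
    return _VAR_REF.sub(
        lambda m: resolve(m.group(1), variables, _seen + (name,)), value)


def referenced_vars(rule):
    """Names a rule refers to directly ($DNP3_SERVER -> 'DNP3_SERVER')."""
    return set(_VAR_REF.findall(rule))


def expand_rule(rule, variables):
    """Substitute variables into the header; address names must sit in
    address slots and port names in port slots (this example's own check)."""
    m = _HEADER.match(rule)
    if not m:
        raise ValueError("unparseable rule header")
    action, proto, src, sport, direction, dst, dport, opts = m.groups()

    def substitute(field, group):
        for var in _VAR_REF.findall(field):
            if var not in variables:
                raise ValueError(f"undefined variable: ${var}")
            if variables[var][0] != group:
                raise ValueError(
                    f"${var} belongs to {variables[var][0]} but is used in a {group} slot")
        return _VAR_REF.sub(lambda mm: resolve(mm.group(1), variables), field)

    header = " ".join([
        action, proto,
        substitute(src, "address-groups"), substitute(sport, "port-groups"),
        direction,
        substitute(dst, "address-groups"), substitute(dport, "port-groups"),
    ])
    return f"{header} ({opts})"


def unused_vars(rules, variables):
    """Defined variables that no rule reaches, even indirectly
    (DNP3_SERVER -> HOME_NET counts as reaching HOME_NET)."""
    used, todo = set(), set()
    for rule in rules:
        todo |= referenced_vars(rule)
    while todo:
        name = todo.pop()
        if name in used or name not in variables:
            continue
        used.add(name)
        todo |= set(_VAR_REF.findall(variables[name][1]))
    return sorted(set(variables) - used)


VARS = parse_vars(SURICATA_YAML)

if __name__ == "__main__":
    for rule in RULES:
        print(expand_rule(rule, VARS))
    print("defined but never referenced:", unused_vars(RULES, VARS))
```

Running it shows the two rules with their variables expanded and lists HTTP_PORTS as defined but unused: exactly the point of the reply, a port-group entry only matters once some rule refers to it.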