Hello guys, all right? Is there a place in Suricata where I can put trusted IPs? As if it were a whitelist? I say this because sometimes Suricata ends up blocking my own valid public IP.
I would recommend either writing a pass rule or using thresholds.
Example pass rule:
pass ip 10.10.0.1 any <> any any (msg:"Skip all traffic related to my IP"; sid:1; rev:1;)
That would stop Suricata from alerting on or dropping all packets bound to or from 10.10.0.1.
Have a look at https://suricata.readthedocs.io/en/latest/configuration/global-thresholds.html?highlight=threshold#id2 for thresholds.
Putting
suppress gen_id 0, sig_id 0, track by_either, ip 10.10.0.1
in /etc/suricata/threshold.config should also stop any alerts from having effect on traffic.
I would recommend using a pass rule.
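An added example, not part of the replies above: a small generator that emits pass rules of the shape shown in the answer for a list of trusted addresses, going beyond the single-IP case to networks and IPv6. The function name, the prefix limits and the starting sid (taken from the range conventionally used for local rules) are assumptions; the sample addresses are constructed.

```python
import ipaddress

LOCAL_SID_BASE = 1000000  # assumption: first sid of the range conventionally used for local rules


def build_pass_rules(trusted, sid_base=LOCAL_SID_BASE, min_prefix_v4=24, min_prefix_v6=64):
    """Return one Suricata pass rule per validated trusted address or network.

    Raises ValueError for malformed entries, for networks with host bits set,
    and for networks broader than the configured prefix limits, because a pass
    rule removes all inspection for whatever it matches.
    """
    rules = []
    seen = set()
    for entry in trusted:
        # strict=True rejects e.g. 10.10.0.1/24 (host bits set), a common typo.
        net = ipaddress.ip_network(entry.strip(), strict=True)
        floor = min_prefix_v4 if net.version == 4 else min_prefix_v6
        if net.prefixlen < floor:
            raise ValueError(f"{net} is too broad to exempt (prefix shorter than /{floor})")
        if net in seen:  # skip duplicates so sids stay contiguous
            continue
        seen.add(net)
        # Single hosts are written without a prefix, as in the answer's rule.
        addr = str(net.network_address) if net.num_addresses == 1 else str(net)
        sid = sid_base + len(rules)
        rules.append(
            f"pass ip {addr} any <> any any "
            f'(msg:"Skip all traffic related to trusted address {addr}"; sid:{sid}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    # Constructed sample input: one host, one small network, one duplicate.
    for rule in build_pass_rules(["10.10.0.1", "192.0.2.0/28", "10.10.0.1"]):
        print(rule)
```

Write the output to a local rules file that is listed under rule-files in suricata.yaml, and keep the list short: every address it contains is no longer inspected.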