Why i cant block only one direction conexion?

Mestre · March 30, 2022, 10:01am

I have these rules:

drop ICMP $HOME_NET any -> $TREX_NET any (msg:"ping dropeado ";sid: 200002;rev:1;)
pass ICMP $TREX_NET any -> $HOME_NET any (msg:"ping trex a home net";sid:200008;)

so I want to block home net to Trex net but I want to receive pings from Trex net to Home net

but with this config, the two ways are allowed

suricatalfon · March 30, 2022, 10:31am

Hola, Nacho.

Es posible que ICMP lo tengas que poner en minúscula en la regla?
Revisaría también, en el .yaml, el action-order.
Para dropear no debe estar en modo IPS ?

Saludos,

Mestre · March 30, 2022, 10:38am

Vale mi problema ha sido la definicion de la red TREX_NET, gracias por tu respuesta igualmente

Topic		Replies	Views
ICMP issue with non-default action order Help rules	4	1237	September 10, 2021
Ping rule to detect Help rules	7	455	October 25, 2023
Except trusted IP Help	10	647	February 25, 2021
Pass rule action Not Working	1	192	October 31, 2023
Any idea why rule is not working :)	1	482	November 17, 2022

Why i cant block only one direction conexion?

Related Topics