Hi,
Hoping someone can hep me or just explain to me why it is happening. I have PF blocker configured to block all IP addresses except for those located within canada and the US. I also have suricata setup on the router. My rule set for
ET CINS Active Threat Intelligence Poor Reputation IP group 69 - 05/08/2019-08:33:clock330:
ET DROP Dshield Block Listed Source group 1 - 05/07/2019-23:23:48
I am just curious how all these foreign IP addresses is hitting Suricata if pfblocker should prevent them from getting to the point suricata can scan the packets and where the IP address is coming from.
Any help would be greatly appreciated.
Thanks,
brad