Yes, I am currently trying to add my own rules. However due to the limitations set on the Astaro gui, I am unable to create activate and dynamic rules. I have no problems creating basic alert and drop rules, like shown on the page of the link you posted.
I am sure that those of you who have tried creating local rules have seen how Astaro automatically adds certain snort rule options so that Astaro’s graphical interface can interact with these options; i.e. sid, rev, classtype, and of course the alert and drop rule actions. That's where I run into problems. Since the gui already adds the alert and add rule actions, I want to know how one would go about creating local rules with the activate and dynamic rule actions which come with snort inline, without crashing out the “Astaro IPS” or voiding Astaro support. I've tried manually editing the config files "/etc/snort/snortrules-2.3.ini", "/etc/wfe/conf/snortactivation.ini", and "/etc/wfe/conf/snortlocalrules.ini" but no luck there. That is as far as I got, any help would be appreciated.
Can anyone relate or comment on this? I would really like to know if anyone has come across this issue and how they delt with it. I guess avoiding astaro support isn't really an issue for me anymore since I've already attempted to customized my rules through the console.
Can anyone relate or comment on this? I would really like to know if anyone has come across this issue and how they delt with it. I guess avoiding astaro support isn't really an issue for me anymore since I've already attempted to customized my rules through the console.
