Since Suricata came into IPFire we use it on the red interface and it works perfectly.
Now we have to connect a lot of users over VPN to the network (guess why) and we have a little “problem”.
The users in the home office should have other IDS rules than the red interface, but I need rules because.
At the moment it is “only” possible to activate Suricata on the interface, without the possibility to select rules for a specific network. So I can only allow or deny for all.
If I, for example, want to allow SMB/NFS and other file share protocols to the VPN users, I have to allow it also on the red network …
Is it possible to change this, or can I create some kind of rule?