Kapisi/roles/Sharingan/files/suricata/local.rules


# Local pass (whitelist) rules for this sensor. A matching `pass` rule ends
# inspection of that packet/flow by every remaining rule, so each entry here is
# a deliberate blind spot; keep the scope as narrow as the suppression needs.
# Where the goal is only to silence one noisy upstream signature for one host,
# a `suppress` entry in threshold.config (gen_id 1, sig_id <UPSTREAM_SID>,
# track by_src/by_dst) keeps the rest of inspection intact.
# sids sit at the top of the 32-bit range, presumably to stay clear of
# vendor/ET sid space — keep new local rules in the same range.

# 10.0.1.2 <-> 10.0.1.3 on 445 (SMB), matched at IP level, both directions.
pass ip 10.0.1.2/32 445 <> 10.0.1.3 any (msg: "Ignore Microsoft-ds traffic"; sid:4294967202;)
# DNS from anywhere in $HOME_NET to the 10.0.1.3 resolver; scoped to dns only.
pass dns $HOME_NET any -> 10.0.1.3 53 (msg: "Ignore false malformed DNS from DD-WRT"; sid:4294967204;)
# Trusted external host on 6667 (the usual IRC port), any internal source,
# both directions. Revisit if that host's ownership changes.
pass ip any any <> 96.126.111.217 6667 (msg: "We consider Xertion safe"; sid:4294967205;)
# Broadest rule in the file: ALL TCP between $HOME_NET and the 10.0.1.3 scanner
# in both directions skips inspection. The three tcp/http rules that follow
# (sid ...208, ...209, ...211) appear to be subsets of this one when their
# destination lies inside $HOME_NET — verify against the HOME_NET definition
# before relying on either set alone.
pass tcp $HOME_NET any <> 10.0.1.3 any (msg: "Allow AniNIX::Core to scan"; sid:4294967206;)
# HTTP originating from 10.0.1.3 toward the LAN.
pass http 10.0.1.3 any -> $HOME_NET any (msg: "Pass local http traffic."; sid:4294967208;)
# 10.0.1.3 -> 10.0.1.1:80 administration path.
pass tcp 10.0.1.3 any -> 10.0.1.1 80 (msg: "Allow Core to admin Shadowfeed with Geth integration"; sid:4294967209;)
# Copy of an upstream ET DOS RDP signature with the action changed to pass,
# restricted to 10.0.1.3 as source. Note the flowbits:unset side effect still
# executes when this pass rule matches, so flow state is mutated just as the
# original alert rule would. A `suppress` for the upstream sid keyed on
# 10.0.1.3 would achieve the same silencing without the copied logic.
pass tcp 10.0.1.3 any -> $HOME_NET 3389 (msg:"ET DOS Microsoft Remote Desktop (RDP) Syn then Reset 30 Second DoS Attempt"; flags:R; flow:to_server; flowbits:isset,ms.rdp.synack; flowbits:isnotset,ms.rdp.established; flowbits:unset,ms.rdp.synack; reference:cve,2012-0152; classtype:attempted-dos; sid:4294967211;)
# Pass keyed on a client-supplied header: every outbound HTTP request from
# $HOME_NET whose User-Agent starts with "curl/" skips all remaining rules for
# that packet, not just the ET POLICY alert. Prefer suppressing the upstream
# sid instead so other HTTP signatures still evaluate.
pass http $HOME_NET any -> any any (msg:"ET POLICY curl User-Agent Outbound"; sid:4294967212; content:"curl/"; nocase; http_user_agent; depth:5;)
# Same pattern for UDP: any $HOME_NET -> $EXTERNAL_NET datagram beginning with
# the DHT ping bytes is passed outright. Payload-keyed pass rules are worth
# replacing with a threshold.config suppress for the same reason as above.
pass udp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET P2P BitTorrent DHT ping request"; content:"d1|3a|ad2|3a|id20|3a|"; depth:12; nocase; sid:4294967213;)
# Outbound to a fixed list of six external addresses, all protocols/ports.
# The msg only repeats the address list — record WHY these hosts are trusted
# (service/owner) so the entry can be reviewed; classtype:trojan-activity on a
# pass rule is inherited from the source alert and carries no meaning here.
pass ip $HOME_NET any -> [130.239.18.119,162.213.39.42,185.30.166.37,185.30.166.38,38.229.70.22,64.86.243.181] any (msg:"130.239.18.119|162.213.39.42|185.30.166.37|185.30.166.38|38.229.70.22|64.86.243.181"; rev:2; sid:4294967214; classtype:trojan-activity;)
# any -> any, both internal and external: every established TLS flow that
# raises tls.invalid_handshake_message is passed, and the flowint counter is
# still incremented on match. This is sensor-wide; if the noise comes from
# specific hosts, narrow the address fields or suppress the upstream sid.
pass tls any any -> any any (msg:"SURICATA TLS invalid handshake message"; flow:established; app-layer-event:tls.invalid_handshake_message; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:4294967215; rev:1;)