OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 18.7 Legacy Series »
  • IDS and IPS
« previous next »
  • Print
Pages: [1]

Author Topic: IDS and IPS  (Read 1501 times)

manuel

  • Newbie
  • *
  • Posts: 25
  • Karma: 1
    • View Profile
IDS and IPS
« on: October 02, 2018, 09:29:42 am »
Hello
I enabled IPS/IDS according to the howto "IPS SSLBlacklists & Feodo Tracker". Enabled all abuse.ch rulesets and set filter to drop. If I check the alerts tab I only see actions which were allowed. Do I have to edit each action manually and change configured action from alert to drop?

2018-10-02T09:17:28.703243+0200   allowed   WAN   80.218.168.190   53516   23.205.182.44   443   SURICATA STREAM Last ACK with wrong seq   
2018-10-02T08:43:02.760728+0200   allowed   WAN   80.218.168.190   60441   203.119.201.255   443   SURICATA TLS error message encountered   
2018-10-02T08:43:02.252406+0200   allowed   WAN   203.119.201.255   443   80.218.168.190   60441   SURICATA Applayer Detect protocol only one direction   
2018-10-02T08:43:02.252406+0200   allowed   WAN   203.119.201.255   443   80.218.168.190   60441   SURICATA TLS error message encountered

I expected that if I change the Filter Action of the rulesets to drop that they will be dropped automatically.

Thank you very much for your help.

Regards Manuel
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 18.7 Legacy Series »
  • IDS and IPS
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2