Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
IDS and IPS
« previous
next »
Print
Pages: [
1
]
Author
Topic: IDS and IPS (Read 1342 times)
manuel
Newbie
Posts: 25
Karma: 1
IDS and IPS
«
on:
October 02, 2018, 09:29:42 am »
Hello
I enabled IPS/IDS according to the howto "IPS SSLBlacklists & Feodo Tracker". Enabled all abuse.ch rulesets and set filter to drop. If I check the alerts tab I only see actions which were allowed. Do I have to edit each action manually and change configured action from alert to drop?
2018-10-02T09:17:28.703243+0200 allowed WAN 80.218.168.190 53516 23.205.182.44 443 SURICATA STREAM Last ACK with wrong seq
2018-10-02T08:43:02.760728+0200 allowed WAN 80.218.168.190 60441 203.119.201.255 443 SURICATA TLS error message encountered
2018-10-02T08:43:02.252406+0200 allowed WAN 203.119.201.255 443 80.218.168.190 60441 SURICATA Applayer Detect protocol only one direction
2018-10-02T08:43:02.252406+0200 allowed WAN 203.119.201.255 443 80.218.168.190 60441 SURICATA TLS error message encountered
I expected that if I change the Filter Action of the rulesets to drop that they will be dropped automatically.
Thank you very much for your help.
Regards Manuel
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
IDS and IPS
