Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Inconsistent interface behavior between Intrusion detection and firewall
« previous
next »
Print
Pages: [
1
]
Author
Topic: Inconsistent interface behavior between Intrusion detection and firewall (Read 2296 times)
kai
Newbie
Posts: 6
Karma: 0
Inconsistent interface behavior between Intrusion detection and firewall
«
on:
February 26, 2018, 08:01:17 am »
Hi there.
I have an OPNSense firewall set up as a transparent bridging firewall between my external and internal networks.
I set it up as per the instructions in the docs and it works great for firewalling. As the docs suggest all the firewall rules apply on the bridge interface and no filtering is done on the physical WAN and LAN interfaces (which have no IP).
However, when I turn on Intrusion detection... Under settings, if I only include the Bridge interface, no rules or alerts match. If I add the LAN interface in as well then they trigger on that and if I add the WAN interface in as well they trigger on that.
It's like the firewall itself is filtering on the Bridge interface, but the Intrusion detection module is only triggering on the WAN and LAN interfaces. Is this expected? It seems counter to what the docs suggest about filtering on a firewall in Bridging mode.
Logged
franco
Administrator
Hero Member
Posts: 17703
Karma: 1616
Re: Inconsistent interface behavior between Intrusion detection and firewall
«
Reply #1 on:
February 28, 2018, 08:56:35 am »
Hi,
Different technologies.... the IPS mode (Netmap in FreeBSD) only works on physical drivers, not virtual things like bridges and point to point interfaces.
I'd consider IPS a stark exception from the norm. In IDS mode it works as you would expect it, but then it can't drop. There's always something.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Inconsistent interface behavior between Intrusion detection and firewall
