1
Intrusion Detection and Prevention / How to find the specific rule that is blocking some IP's?
« on: May 06, 2018, 10:50:11 pm »
Hi. I find it very hard to trace blocked traffic back to the rule that is actually causing the traffic or IP to be blocked.
I've attached some screenshots from the logs.
The scenario here is that i'm watching Netflix on my Panasonic smart TV and I see that the Netflix looses its connecting due to Netflix trying to jump from one server to another witch my firewall is blocking. Its not blocking all the traffic but some resulting in me having to manually start the tv show again.
I see the traffic getting blocked but I cant find the exact rule that is blocking it. I am using both IDS and IPS with lots of rules enabled. I'm not gonna bother listing them here as the point is to be able to trace the blocked traffic to the exact rule that is causing the block.
but how?... I find it very strange that its this hard. Every time I try to google anything about opnsense google is always just serving me pfsense results
Thanks for answers!
I've attached some screenshots from the logs.
The scenario here is that i'm watching Netflix on my Panasonic smart TV and I see that the Netflix looses its connecting due to Netflix trying to jump from one server to another witch my firewall is blocking. Its not blocking all the traffic but some resulting in me having to manually start the tv show again.
I see the traffic getting blocked but I cant find the exact rule that is blocking it. I am using both IDS and IPS with lots of rules enabled. I'm not gonna bother listing them here as the point is to be able to trace the blocked traffic to the exact rule that is causing the block.
but how?... I find it very strange that its this hard. Every time I try to google anything about opnsense google is always just serving me pfsense results
Thanks for answers!