OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: allebone on July 20, 2020, 02:51:26 PM

Title: What order are rules processed when using IDS?
Post by: allebone on July 20, 2020, 02:51:26 PM
When using Intrusion Detection, what rules are processed first?

I have normal Firewall rules I would like processed before IDS is processed. Is this the default, or if not, how can I ensure my own rules are processed prior to IDS rules being processed?

Kind regards
Pete
Title: Re: What order are rules processed when using IDS?
Post by: mimugmail on July 20, 2020, 03:01:24 PM
No, first there is Suricata, then comes the Firewall. You can only flip it if you let it listen on LAN instead of WAN.
Title: Re: What order are rules processed when using IDS?
Post by: allebone on July 20, 2020, 03:16:01 PM
Hmm, that is disappointing. Thanks for clarifying.
Title: Re: What order are rules processed when using IDS?
Post by: mimugmail on July 20, 2020, 03:25:40 PM
IPS/netmap listens on the NIC while pf rules are processed in the kernel.
It's the same as with Linux/iptables ...