Text only | Text with Images

OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: abranca on November 25, 2020, 05:28:03 PM

Title: info ids rules and action
Post by: abranca on November 25, 2020, 05:28:03 PM
hello everyone,
I have a question about the IDS system.

I have activated IDS, not IPS because I am in pppoe, and enabled ET xxxx rules, all with drop mode. I receive alerts for these rules but instead of being blocked they are accepted.

I took a sample of which I enclose screenshots:
rule ET COMPROMISED Known Compromised or Hostile Host Traffic group 218 set in drop mode and in the alert the action is "allowed".

shouldn't it be "blocked"?

thanks to all
Title: Re: info ids rules and action
Post by: Fright on November 25, 2020, 05:44:47 PM
Hi
QuoteI have activated IDS, not IPS because I am in pppoe, and enabled ET xxxx rules, all with drop mode. I receive alerts for these rules but instead of being blocked they are accepted.
that's the difference between IDS and IPS
Title: Re: info ids rules and action
Post by: abranca on November 28, 2020, 02:32:06 PM
Thank you for the clarification
Text only | Text with Images