I have enabled the ruleset 'emerging-scan.rules' in intrusion detection, I get a few blocked as screenshot (I assume they are blocked scans) but when I scan my ip address with https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap# the open ports show up.
Any ideas what I'm doing wrong?
(https://i.imgrpost.com/imgr/2021/02/22/opnsense-blocked.md.png) (https://imgrpost.com/image/DtBSj)
Suricata only blocks script enumerations if it sees nmap/zmap user agent.
It won't block syn scans. Relying on security through obscurity doesn't help anyway.
Thank you