OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: eponymous on June 20, 2021, 08:12:11 PM

Title: IPS / Suricata policy not working
Post by: eponymous on June 20, 2021, 08:12:11 PM
Hi,

I've added a policy which applies to all of the abuse.ch lists and some of the ETOpen lists.

This is simply to make them "drop" instead of "alert".

However, I've noticed that when I apply this and then download and update the rules, only some of the rules are set to "drop" with the rest being left at "alert". I've also noticed that only the abuse.ch lists actually seem to update looking at the last updated timestamp.

Is this a known issue? I've not found any posts or bug reports yet which confirm this, but I may have missed something. I'm using the community version of OPNsense 21.1.7.
Title: Re: IPS / Suricata policy not working
Post by: AmatorPhasma on June 22, 2021, 07:03:50 PM
Works as expected on my side.

Here is my policy:
(https://i.imgur.com/i2WfZDu.png)
Title: Re: IPS / Suricata policy not working
Post by: eponymous on August 08, 2021, 06:17:42 PM
I managed to fix this by adjusting my policy to set all rules to drop - regardless of their current setting. This seems to work now.