Hello,
I comming from pfSense and migrated to OpnSense. Not shure, if it's an understanding problem or a other issue.
Using Maltrail, IDS/IPS and Crowdsec. In the floating firewall rules I have some IPBLs blocklist to block incoming and outgoing to ToR, DROP, ET and some more. Also a VoIP NAT into one of the DMZ interfaces.
In the IDS/IPS, Crodsec and Maltrail and also in the firewall log I did not get any log alerts for connection attempts, like some bot nets. I expected, that in Suricatta, Maltrail and these attempts would be alerted.
Some time ago, I got also some Surricata and Maltrail alerts.
I this behaviour OK? Or I am wrong or is there an issue?
Don't understand, if it's related to the to the WAN reject rules, that nothing is logged?
The global logging is enabled, logging of the WAN reject rule also.