OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: walkerx on January 14, 2019, 11:44:10 pm

Title: IDS blocking internal network
Post by: walkerx on January 14, 2019, 11:44:10 pm
I've had IDS enabled and had installed snort, but every so often my whole network has gone down and when trying to connect to the OS box I've been unable to either via ip or name.

Due to these ongoing issues I attached a keyboard and monitor to the system, so could access the console - on doing so, only thing I could see was blocking from the ids, and if I logged onto the box and pinged a web address this was successful, but until I told the system to reboot fully I could still not access the box or internet from any networked device. I didn't know what commands were available to restart any of the services and in the menu option, you only have the option to restart all which wasn't successful.

I've now removed snort from ids and left it was the standard ones, but noted that the abuse.ch rules say 'not installed' and if tell the software to download and update the rules, these never change.

I've also ticked the enabled and ips mode boxes on the settings page as well setting the interfaces to wan

would these settings be correct or will i need to make further changes