OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: adrianschneider on November 08, 2019, 09:58:40 am

Title: DShield Rules in ET Pro
Post by: adrianschneider on November 08, 2019, 09:58:40 am
Hi!

I activated the ET Pro Telemetry edition. Since then, the DShield Rules which I had in the ET Open version disappeared.
In the download section I have "ET telemetry/dshield" set to activated/drop. But when I search for "dshield" in the rules tab, there are no associated rules. How can I get them back?

Best wishes,
Adrian Schneider
Title: Re: DShield Rules in ET Pro
Post by: adrianschneider on November 08, 2019, 10:09:26 am
Ok, I looked in the corresponding rules files (the problem applies also to other rules) and found "#@opnsense_download_hash:ec786a61cb5d93b6eb0907e29ca4c166" in the file.

So this seems to be the same problem as https://forum.opnsense.org/index.php?topic=12119.msg55567#msg55567 .

But I wonder -- in the open version there are DShield rules. So why should there be no rules in the Pro edition? And I see traffic that is NOT blocked, but listed on the Dshield website.

ET Open rules:
http://rules.emergingthreats.net/blockrules/emerging-dshield.rules

The same problem applies (at least) to:
drop.rules
compromised.rules
botcc.rules
botcc.portgrouped.rules
ciarmy.rules