OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: N0_Klu3 on May 23, 2020, 10:38:39 pm

Title: IPS rules that wont cause issues
Post by: N0_Klu3 on May 23, 2020, 10:38:39 pm
I’m looking to enable IPS but wanted to check which rule sets will work without causing too many false positives?

Is there somewhere I can get some default rules to enable?
I really like the snort rules where you can choose Balanced or Secure or what not.

I really with ET had these options, so I’m kinda looking for something like this if possible?
Title: Re: IPS rules that wont cause issues
Post by: nzkiwi68 on June 25, 2020, 01:54:17 am
Have a good read of this;

https://forum.opnsense.org/index.php?topic=6590.0 (https://forum.opnsense.org/index.php?topic=6590.0)

That's a useful start.
Also.. think about what your protecting...

Example:
If you don't have an SQL server exposed via a web server and a web server, then, maybe you don't need these rules;