OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: allebone on July 20, 2020, 02:51:26 pm

Title: What order are rules processed when using IDS?
Post by: allebone on July 20, 2020, 02:51:26 pm
When using Intrusion Detection, what rules are processed first?

I have normal Firewall rules I would like processed before IDS is processed. Is this the default, or if not, how can I ensure my own rules are processed prior to IDS rules being processed?

Kind regards
Pete
Title: Re: What order are rules processed when using IDS?
Post by: mimugmail on July 20, 2020, 03:01:24 pm
No, first there is Suricata, then comes the Firewall. You can only flip if you let it listen to LAN instead of WAN.
Title: Re: What order are rules processed when using IDS?
Post by: allebone on July 20, 2020, 03:16:01 pm
Hmm, that is disappointing. Thanks for clarifying.
Title: Re: What order are rules processed when using IDS?
Post by: mimugmail on July 20, 2020, 03:25:40 pm
IPS/netmap listens in the NIC while pf rules are processed in kernel.
It's the same as with Linux/iptables ...