OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: hushcoden on August 23, 2020, 11:58:19 am

Title: Home network in IDS/IPS
Post by: hushcoden on August 23, 2020, 11:58:19 am
Could someone explain why the IDS/IPS should know the local IP addresses? What if I'd leave that field empty?

Tia.
Title: Re: Home network in IDS/IPS
Post by: XeroX on August 23, 2020, 12:43:05 pm
Quote
Define custom home networks, when different than an RFC1918 network. In some cases, people tend to enable IDPS on a WAN interface behind NAT (Network Address Translation), in which case Suricata would only see translated addresses instead of internal ones. Using this option, you can define which addresses Suricata should consider local.

https://docs.opnsense.org/manual/ips.html?highlight=suricata#advanced-options
Title: Re: Home network in IDS/IPS
Post by: hushcoden on August 23, 2020, 01:44:29 pm
Thanks, I actually read that, and I understand that way when you look at the logs you have a clear idea of the traffic in/out... and my question is: would Suricata still work properly even without knowing the local IP addresses?
Title: Re: Home network in IDS/IPS
Post by: XeroX on August 23, 2020, 02:55:17 pm
Yes, as long as your IP range is within RFC1918, according to the description.
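
The effect of the home network setting discussed in this thread, as an added example that is not part of any post or of OPNsense's own code: it checks which direction-bound rule headers a packet can match for a given home network list. It assumes EXTERNAL_NET is defined as `!$HOME_NET` (Suricata's stock setting), and the addresses are constructed samples from documentation ranges.

```python
import ipaddress

# Suricata's stock HOME_NET value: the three RFC1918 ranges.
DEFAULT_HOME_NET = "192.168.0.0/16,10.0.0.0/8,172.16.0.0/12"

def parse_nets(spec):
    """Parse a comma-separated list of CIDR networks or single addresses."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in spec.strip("[]").split(",") if p.strip()]

def in_home_net(addr, home_net):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in home_net)

def matching_rule_headers(src, dst, home_net):
    """Return the rule header directions a packet src -> dst can match.

    Assumption: EXTERNAL_NET is !$HOME_NET, so an address is external
    exactly when it is not in the home network list.
    """
    src_home = in_home_net(src, home_net)
    dst_home = in_home_net(dst, home_net)
    matched = []
    if not src_home and dst_home:
        matched.append("$EXTERNAL_NET -> $HOME_NET")
    if src_home and not dst_home:
        matched.append("$HOME_NET -> $EXTERNAL_NET")
    return matched

# Constructed sample addresses (documentation ranges, not from the thread).
LAN_HOST = "192.168.1.10"    # internal host as seen on the LAN interface
WAN_ADDR = "203.0.113.5"     # translated address as seen on WAN behind NAT
REMOTE = "198.51.100.20"     # host on the internet

def demo():
    default = parse_nets(DEFAULT_HOME_NET)
    custom = parse_nets(DEFAULT_HOME_NET + "," + WAN_ADDR + "/32")
    return {
        "lan_inbound_default": matching_rule_headers(REMOTE, LAN_HOST, default),
        "wan_inbound_default": matching_rule_headers(REMOTE, WAN_ADDR, default),
        "wan_outbound_default": matching_rule_headers(WAN_ADDR, REMOTE, default),
        "wan_inbound_custom": matching_rule_headers(REMOTE, WAN_ADDR, custom),
        "wan_outbound_custom": matching_rule_headers(WAN_ADDR, REMOTE, custom),
    }

if __name__ == "__main__":
    for name, headers in demo().items():
        print(f"{name}: {headers or 'no direction-bound rule matches'}")
```

With the default list, traffic seen on a WAN interface with a public translated address matches neither direction, because both endpoints count as external; adding the translated address to the home networks restores the match.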