OPNsense Forum
English Forums => General Discussion => Topic started by: thomas-hn on October 07, 2020, 05:59:33 pm
-
Hello,
how does the IDS (Services => Intrusion Detection) receive the incoming packets?
Is it getting the packets before the Firewall? I'm asking, because my IDS is currently listening to LAN & WAN and on the WAN side I see a lot of traffic to ports which are closed in the Firewall.
Can someone confirm please, that the IDS sniffs before the Firewall?
Thanks,
Thomas
-
Yes it does, firewall is in kernel, IDS bit more near nic, so you cant drop first via pf
-
Yes it does, firewall is in kernel, IDS bit more near nic, so you cant drop first via pf
Not sure this is the reason, NIC drivers are part of the kernel, even if a dynamically loaded module, and also run in system mode in order to access the hardware
-
Yes, but pf comes after IPS (incoming direction), thats a fact :)