OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: lfirewall1243 on January 31, 2021, 05:53:40 pm

Title: Can't change IDS Rules to drop
Post by: lfirewall1243 on January 31, 2021, 05:53:40 pm

After the Upgrade I can't enable the IDS Rules for blocking
Before I could change it unter IDS->Download

But now there isn't a button to "enable drop" for the market rules

Title: Re: Can't change IDS Rules to drop
Post by: mnaim on January 31, 2021, 10:18:39 pm

It was migrated to IDS - Policy menu.

Title: Re: Can't change IDS Rules to drop
Post by: lfirewall1243 on February 01, 2021, 09:32:48 am

Quote from: mnaim on January 31, 2021, 10:18:39 pm

It was migrated to IDS - Policy menu.

So it isnt possible to set a whole group for example "ET open/botcc" to drop.

I always have to choose each rule over the Rules Filter. right?
Or ist there a Button to Filter like "all CVE Rules", so that i dont have to click on each single CVE Rule

Title: Re: Can't change IDS Rules to drop
Post by: mnaim on February 01, 2021, 12:42:55 pm

Yes it is possible. Create policy Rule set = ET open/botcc.
Action = Alert, New action = Drop

all CVE Rules - if you do not select any specific, it means all

Title: Re: Can't change IDS Rules to drop
Post by: lfirewall1243 on February 01, 2021, 12:48:15 pm

Quote from: mnaim on February 01, 2021, 12:42:55 pm

Yes it is possible. Create policy Rule set = ET open/botcc.
Action = Alert, New action = Drop

all CVE Rules - if you do not select any specific, it means all

Found it

Thank you!!!