OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: allebone on April 09, 2021, 12:40:45 am

Title: Blocking some things and reporting others. Is this possible?
Post by: allebone on April 09, 2021, 12:40:45 am

I have the default policy which has the things I want to block, but some things I only want to report but not block. If I create a new policy I can only seem to block things there is no way to only report on the additional things I am wanting to monitor.  Is this possible to achieve?

P

Title: Re: Blocking some things and reporting others. Is this possible?
Post by: sy on April 12, 2021, 08:35:23 pm

Hi,

Do you mean reports of some applications or some users?

Title: Re: Blocking some things and reporting others. Is this possible?
Post by: mb on April 13, 2021, 01:33:42 am

Hi @allebone,

Adding to my colleaue @sy, is it like by default you'll not be having any reporting; but only for the flows matching your policy? Currently the controls work like either it is a block or allow; so if we provided a log action there, packets maching this configuration would be the ones which would get repoted?

Does this describe your request?

Title: Re: Blocking some things and reporting others. Is this possible?
Post by: allebone on April 13, 2021, 10:36:29 pm

Hi there,

For example I would like an option to trigger a block on some rules - so for example maybe I want to block IPSEC traffic. Thats great, ticking it blocks it and works fine. However I also want to only report/monitor some types of traffic, eg, maybe I want to allow pptp but be informed in the dashboard/logs when someone is making a pptp connection so I can let these connections continue to work, but be notified to move them to a more secure type of connection.

There are many other reasons one can imagine to want to be able to allow, but report, I am sure you can use your imagination. However currently I can only block or allow, no method to report on types of rules but continue to allow them through. Im asking for this middle option so I can keep tabs on whats happining without blocking it. Maybe I want to allow certain websites but monitor their use and not block them etc. All sorts of reasons why one might want to do this.

Title: Re: Blocking some things and reporting others. Is this possible?
Post by: mb on April 15, 2021, 02:14:13 am

Thanks for further information. Got it. So it's besides normal reporting.

These would be in the form of "alerts" of some sort may be. This is not doable right now. Though it might be a good idea; We're adding this to the backlog.

Title: Re: Blocking some things and reporting others. Is this possible?
Post by: allebone on April 15, 2021, 05:38:25 am

Thank you.

Title: Re: Blocking some things and reporting others. Is this possible?
Post by: allebone on June 10, 2021, 09:31:38 pm

Did this ever make it as a possible feature? I didnt see anything on the roadmap :(

Title: Re: Blocking some things and reporting others. Is this possible?
Post by: mb on June 16, 2021, 05:19:46 am

Hi @allebone,

The roadmap page mostly lists major features.

Yes, we've added this to our main backlog. It's not yet prioritized though.

Title: Re: Blocking some things and reporting others. Is this possible?
Post by: allebone on June 16, 2021, 05:16:28 pm

No worries, thanks :)