OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: schuc on November 08, 2021, 01:37:42 am

Title: IDS/Intrusion Detection: Policy doesn't seem to change Rules at all
Post by: schuc on November 08, 2021, 01:37:42 am
In IDS, I have created a policy to change ALL rules to disabled. Yet, when I look at the rules, there are a few that are checked/enabled. I can't manually check/uncheck them, but I may create another post for that.

Please have a look at the following screenshots and let me know if something in the setup looks wrong to you:
(https://i.postimg.cc/N27nsQ9b/trash.jpg) (https://postimg.cc/N27nsQ9b)

(https://i.postimg.cc/HrPhsZnG/trash2.jpg) (https://postimg.cc/HrPhsZnG)

(https://i.postimg.cc/7f9RjYyZ/trash3.jpg) (https://postimg.cc/7f9RjYyZ)

(https://i.postimg.cc/nCp5d9gW/trash4.jpg) (https://postimg.cc/nCp5d9gW)

(https://i.postimg.cc/5XtrJdxq/trash5.jpg) (https://postimg.cc/5XtrJdxq)

(https://i.postimg.cc/PNm9zQ3Z/trash6.jpg) (https://postimg.cc/PNm9zQ3Z)



Thanks and I appreciate any suggestions.

This is on a Protectli FW4B running OPNsense 21.7.4 and Suricata 6.0.3_3.

Title: Re: IDS/Intrusion Detection: Policy doesn't seem to change Rules at all
Post by: Fright on November 08, 2021, 07:52:14 pm
What is indicated in the "matched_policy" field for the "ET P2P Phatbot Control Connection" rule when you click on the edit button?