OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: ruggerio on February 16, 2022, 07:25:27 am

Title: Question: IDS shows only alled in protocols - no blocking possible?
Post by: ruggerio on February 16, 2022, 07:25:27 am
Hello,

As i have a small APU4, i did not want to enable IPS, as it eats up bandwith. So i tried with IDS and enabled drop in the policy. With IDS i do not loose to much bandwith and it's better to know whats going on instead of getting surprised...

Nevertheless, all traffic is shown as allowed. I am aware of the difference of IDS (for monitoring only) and IPS (acitively acts without human intervention), so i was wondering, to change to drop, even if you choose IDS.

Thx,
Ruggerio