OPNsense Forum
Archive => 16.1 Legacy Series => Topic started by: enoch85 on June 05, 2016, 01:02:04 am
-
So, I played around with Intrusion Detection and enabled rules that I thought would be nice to have (DOS, Trojan, Scan, Feodo Tracker), hit apply and now I can't browse until I turn Intrusion Detection off. Just removing "Enabled" didn't help as the rules are still enabled when I go to "Rules", something to improve imo.
Is there any way to load the "default rules" or delete all the current rules and start over? If I check rules I have >58000 entries and need to manually remove each one. I will be done when I'm 100 years old.
Also, are there any rules that you recommend? I run an ESXi server with some domains over SSL and I would really want some more security if possible.
Thanks!
-
Hi enoch85,
Did you apply your changes? (download & apply when changing complete rulesets, apply when changing specific rules)
Download / Apply should also remove the uninstalled sets.
Same comment on GitHub too: can you please only add issues on GitHub for missing features or if the outcome of the forum thread is that it is (looks like) a bug.
(for more info about creating issues, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md)
As for the recommended rules, the abuse.ch sets are pretty useful with very few false positives. I would start with those and test again. If all works, then add some of the ET rulesets, like malware, trojan.
Best regards,
Ad
-
Yes, the rules I applied were removed when I clicked "Download & Update Rules". Thanks!
After that I got the "default rules" left - 21 entries that were enabled. I then clicked Enable --> Apply, and the same issue occurred, I could browse but it was very slow and most pages didn't work. So not even the "default rules" worked. Am I doing something wrong?
Btw, I'm on IRC.
-
It's probably an issue with netmap in combination with your network driver. Which type of network card is configured in ESXi, and do you have all hardware offloading features disabled?
-
I use VMNET3 for the Network, and this is what my config looks like in the firewall:
(http://i.imgur.com/E1KrsNv.png)