OPNsense Forum

English Forums => General Discussion => Topic started by: pcborges on July 17, 2016, 09:53:48 pm

Title: Intrusion Detection Rules, should I activate all?
Post by: pcborges on July 17, 2016, 09:53:48 pm
Hi, I have been running OPNsense for about a week now and followed most of the manual's indications for the setup.

OPNsense is working and performing well so far.

I have activated Intrusion Detection according to the manual, but the manual only instructs to activate the abuse group of rules.

Below on the settings page there are plenty of rules left unchecked and I just cannot find documentation on what to do with them.

What are the criteria to decide if I do need to activate these rule sets?

Thanks
Paulo Borges
Title: Re: Intrusion Detection Rules, should I activate all?
Post by: fabian on July 17, 2016, 11:00:55 pm
You should enable only the rules you need because all rules need to be processed so when you have more rules, you will also have more CPU load. Useless rules are bad for your overall performance without any advantage.

You should read the description and if the rules fit your needs, enable them. Otherwise just leave them disabled.