OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: Kuzunkhaa on August 02, 2016, 10:25:12 am

Title: Problem with "Intrusion Detection" and a Bridge.
Post by: Kuzunkhaa on August 02, 2016, 10:25:12 am
Hello,
the interfaces of my OPNsense are configured with one NIC for internet connectivity through PPPoE and 3 NICs together in a bridge, so my configuration is:

I have a problem configuring the Intrusion Detection service on the bridge. When I insert one member of Bridge0 into the interface list, it becomes impossible to connect through that port to OPNsense, while when I insert LAN in the interfaces, it seems not to block anything.
What do I have to do to enable Intrusion Detection on the members of Bridge0?

Thanks
Title: Re: Problem with "Intrusion Detection" and a Bridge.
Post by: franco on August 03, 2016, 01:09:43 pm
Are we talking about IDS with IPS mode? What OPNsense version are you on and what is your network card driver?

Ideally, IPS on a number of OPTX should work, but for the bridged LAN there is no guarantee this will work due to the plumbing of the operating system itself.

Then again, running IPS on a lot of internal traffic may not be worth it. The normal use case is to set WAN and Promisc mode for your PPPoE. There may be another issue with PPPoE parsing at the moment in Suricata, but I can't keep all of the current idiosyncrasies together anymore. ;)

So to reiterate: LAN port bridge not working is expected, OPTX not working could be a current bug with 16.7.


Cheers,
Franco
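Franco's reply above boils down to one preflight check: an interface chosen for Suricata IPS should not also be a member of a bridge. The script below is an added example, not code from the thread or from OPNsense itself; it parses the `member:` lines of FreeBSD `ifconfig bridgeN` output and flags any candidate IPS interface that is a bridge member. The interface names (em1, em2, em3, pppoe0) and the embedded ifconfig text are constructed assumptions so that the script runs offline; on a real box you would feed it `ifconfig bridge0` instead.

```sh
#!/bin/sh
# Added example (not from the forum thread or OPNsense): warn when an interface
# selected for Suricata IPS is also a member of a FreeBSD/OPNsense bridge.

# Constructed sample of `ifconfig bridge0` output; interface names are assumptions.
SAMPLE_BRIDGE0='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:ab:cd:ef:00:00
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        member: em3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 6 priority 128 path cost 20000
        member: em2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 5 priority 128 path cost 20000
        member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 4 priority 128 path cost 20000'

# bridge_members <ifconfig-output>
# Print the bridge member interface names, one per line, by picking the second
# field of every line whose first field is "member:".
bridge_members() {
    printf '%s\n' "$1" | awk '$1 == "member:" { print $2 }'
}

# ips_bridge_conflicts <ifconfig-output> <iface>...
# Print each candidate IPS interface that is also a bridge member.
# Returns 0 when there is no conflict, 1 when at least one was found.
ips_bridge_conflicts() {
    out="$1"; shift
    members=$(bridge_members "$out")
    rc=0
    for ifc in "$@"; do
        for m in $members; do
            if [ "$ifc" = "$m" ]; then
                echo "$ifc"
                rc=1
            fi
        done
    done
    return $rc
}

# Stand-alone usage: check two candidate IPS interfaces against the sample bridge.
# pppoe0 (the WAN, Franco's recommended IPS target) passes; em1 is a bridge member.
if conflicts=$(ips_bridge_conflicts "$SAMPLE_BRIDGE0" pppoe0 em1); then
    echo "no IPS interface is a bridge member"
else
    echo "IPS interfaces that are bridge members (IPS not guaranteed to work):"
    echo "$conflicts"
fi
```

To run it against a live system, replace the constructed `SAMPLE_BRIDGE0` with `$(ifconfig bridge0)` and pass the interfaces you intend to select in the Intrusion Detection settings; a non-zero exit means at least one of them sits on the bridge and falls into the unsupported case Franco describes.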