OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: cbyrd on October 09, 2017, 07:00:02 pm

Title: IDS and Firewall Rules
Post by: cbyrd on October 09, 2017, 07:00:02 pm
When are IDS rules applied as compared to the firewall rules?

I am doing country blocks in IDS but would like to pass certain email servers in the blocked areas.

I have a firewall rule to allow them but they are still getting blocked by the IDS.

Is there a way to allow a specific IP through in IDS?

Any help appreciated.
Chris
Title: Re: IDS and Firewall Rules
Post by: franco on October 09, 2017, 10:59:02 pm
Hi Chris,

The IDS blocking is a level below the firewall itself, so the IDS is protecting your whole firewall system, but also blocks more strongly than your firewall and exceptions won't work from there.

But firewall aliases also provide solid geo blocking. You should consider switching to those as they give you fine-grained control over the block targets (or add exceptions).


Cheers,
Franco
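A toy model of the processing order described in the reply above, added here as an illustration (it is not part of the thread and not OPNsense or Suricata code): the inline IPS stage is evaluated before the packet filter, so a firewall pass rule cannot exempt an address the IPS already dropped, whereas a country block done with firewall aliases can be preceded by an exception rule. The address ranges are constructed and the default-pass policy at the end of the rule list is an assumption of the model.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data: one range standing in for a blocked country,
# and one mail server inside that range which the admin wants to allow.
GEO_BLOCK = [ip_network("203.0.113.0/24")]
MAIL_SERVERS = [ip_network("203.0.113.25/32")]


def in_tables(addr, nets):
    """True if addr falls inside any network of the table."""
    return any(addr in n for n in nets)


def ips_stage(src, blocklist):
    """Inline IPS sits below the firewall: a match drops the packet before
    any firewall rule is evaluated, so firewall exceptions never apply."""
    return "drop" if in_tables(src, blocklist) else "continue"


def pf_stage(src, rules):
    """First-match evaluation of firewall rules given as (action, table)."""
    for action, table in rules:
        if in_tables(src, table):
            return action
    return "pass"  # assumed default policy for this toy model


def decide(src, ips_blocklist, pf_rules):
    """Run a source address through the IPS stage, then the firewall."""
    src = ip_address(src)
    if ips_stage(src, ips_blocklist) == "drop":
        return "dropped by IPS"
    return f"{pf_stage(src, pf_rules)} by firewall"


# Setup A (the original poster's): country block in the IPS, exception in
# the firewall. The exception is never reached for the blocked range.
def setup_ips_block(src):
    return decide(src, GEO_BLOCK, [("pass", MAIL_SERVERS)])


# Setup B (the suggested one): country block as a firewall alias, with the
# mail-server exception placed before the block rule.
def setup_alias_block(src):
    return decide(src, [], [("pass", MAIL_SERVERS), ("block", GEO_BLOCK)])


# Setup C: same aliases but the rules in the wrong order; the first-match
# block rule shadows the exception, so ordering still matters.
def setup_alias_wrong_order(src):
    return decide(src, [], [("block", GEO_BLOCK), ("pass", MAIL_SERVERS)])
```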
Title: Re: IDS and Firewall Rules
Post by: cbyrd on October 10, 2017, 04:42:03 am
Franco,

Thank you for the insight. Does using Geoblocking in the firewall affect performance vs the IDS?

I was using geoblocking in the firewall rules and I was getting an error that it was unable to load the rule in memory. I did have lots of countries blocked.

Chris
Title: Re: IDS and Firewall Rules
Post by: franco on October 10, 2017, 07:17:07 am
Hi Chris,

This is not a problem. The search for the error should be trivial in the forum if you provide the exact message, but I'm feeling lucky today:

https://forum.opnsense.org/index.php?topic=4524.msg17330#msg17330

Performance should be the same except for very large deployments, although remember you aim for more flexibility by accepting a bit less performance so that's a reasonable tradeoff. :)


Cheers,
Franco