OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: mlembke on April 02, 2018, 07:51:44 pm

Title: Rules on Aliases and Timebased
Post by: mlembke on April 02, 2018, 07:51:44 pm

Hi,

i would like to use the Games Rules to block Traffic of Devices.
So at the moment i'm performing it manually with changing from alert -> drop and vice versa.

It would be a greate feature to allow it on a devicelist. Like an Alias of hosts.
They have reservations in DHCP, so a fixed IP. I would like to make an hostgroup and to define the Rulescategory
ET-Games on it.

Furthermore an time accounting would be greate. So it use a scheduled timeframe as alert and drop.

Best Regards
Markus Lembke

Title: Re: Rules on Aliases and Timebased
Post by: franco on April 04, 2018, 08:34:25 am

Hi Markus,

This is a very complex request sowing firewall aliases, schedules, dhcp leases and intrusion detection together into one feature.

This will be hard to implement in a reasonable time frame.

What would be your first step?


Cheers,
Franco

Title: Re: Rules on Aliases and Timebased
Post by: mlembke on April 15, 2018, 10:23:39 am

Hi Franco,

i think first of all it would be great to make it time based.
That should be not to hard i think.

Something like a cron job enabling or disabling rules grouped together in a simple container.
Selecting the rules and put it inside. When editing the conainer, you can change the content and on
saving the changes, the current container will be disabled, the new one will be saved and on the next schedule
it will be enabled.

Maybe there could be a button to manually enable/disable them.

Best Regards
Markus