OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: jodumont on September 27, 2018, 03:32:21 pm

Title: 2questions IDS/IPS
Post by: jodumont on September 27, 2018, 03:32:21 pm

Hi everyone;

1.
My public IP, in fact all ip of my ISP are blacklisted by spamhaus.
if I active the IPS mode on my WAN and active the DROP list what will happen ?

2.
If the IPS mode is activated on my LAN interface and I forward a ports; do these ports still under the IPS protection or the traffic will be forward before ?

Title: Re: 2questions IDS/IPS
Post by: mimugmail on September 27, 2018, 04:01:55 pm

You should activate EDROP via Alias and not IPS, way more performant. Then you can add a whitelist in fron of the rule.

Title: Re: 2questions IDS/IPS
Post by: jodumont on September 27, 2018, 08:45:51 pm

thank for sharing your tough it make me discover a new way of doing it :)
https://wiki.opnsense.org/manual/how-tos/edrop.html

 :D