OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: manuel on October 02, 2018, 09:29:42 am
-
Hello
I enabled IPS/IDS according to the howto "IPS SSLBlacklists & Feodo Tracker". Enabled all abuse.ch rulesets and set filter to drop. If I check the alerts tab I only see actions which were allowed. Do I have to edit each action manually and change configured action from alert to drop?
2018-10-02T09:17:28.703243+0200 allowed WAN 80.218.168.190 53516 23.205.182.44 443 SURICATA STREAM Last ACK with wrong seq
2018-10-02T08:43:02.760728+0200 allowed WAN 80.218.168.190 60441 203.119.201.255 443 SURICATA TLS error message encountered
2018-10-02T08:43:02.252406+0200 allowed WAN 203.119.201.255 443 80.218.168.190 60441 SURICATA Applayer Detect protocol only one direction
2018-10-02T08:43:02.252406+0200 allowed WAN 203.119.201.255 443 80.218.168.190 60441 SURICATA TLS error message encountered
I expected that if I change the Filter Action of the rulesets to drop, they will be dropped automatically.
Thank you very much for your help.
Regards Manuel
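
One way to triage an alert listing like the one in the post above, as an added example that is not part of the original post or of OPNsense's own code: it parses the alert lines exactly as pasted there and tallies them by logged action and signature family. Treating signatures that begin with "SURICATA " as engine event messages rather than hits from a downloaded blacklist ruleset is an assumption, and all function names are hypothetical.

```python
import re
from collections import Counter

# Alert lines copied from the post above (space-separated alerts-tab columns).
SAMPLE = """\
2018-10-02T09:17:28.703243+0200 allowed WAN 80.218.168.190 53516 23.205.182.44 443 SURICATA STREAM Last ACK with wrong seq
2018-10-02T08:43:02.760728+0200 allowed WAN 80.218.168.190 60441 203.119.201.255 443 SURICATA TLS error message encountered
2018-10-02T08:43:02.252406+0200 allowed WAN 203.119.201.255 443 80.218.168.190 60441 SURICATA Applayer Detect protocol only one direction
2018-10-02T08:43:02.252406+0200 allowed WAN 203.119.201.255 443 80.218.168.190 60441 SURICATA TLS error message encountered
"""

# timestamp, action, interface, src ip/port, dst ip/port, then the signature text
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>\S+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\d+)\s+(?P<dst>\S+)\s+(?P<dport>\d+)\s+"
    r"(?P<sig>.+)$"
)


def parse_alerts(text):
    """Return one dict per well-formed alert line; other lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            alerts.append(m.groupdict())
    return alerts


def rule_family(sig):
    # Assumption: a "SURICATA " prefix marks an engine event message
    # (stream, TLS, app-layer), not a blacklist ruleset signature.
    return "engine-event" if sig.startswith("SURICATA ") else "other"


def summarize(alerts):
    """Count alerts per (logged action, signature family)."""
    return Counter((a["action"], rule_family(a["sig"])) for a in alerts)


if __name__ == "__main__":
    for (action, family), n in sorted(summarize(parse_alerts(SAMPLE)).items()):
        print(f"{action:8} {family:13} {n}")
```
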