OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: manuel on October 02, 2018, 09:29:42 am

Title: IDS and IPS
Post by: manuel on October 02, 2018, 09:29:42 am
Hello
I enabled IPS/IDS according to the howto "IPS SSLBlacklists & Feodo Tracker". I enabled all abuse.ch rulesets and set the filter to drop. If I check the alerts tab, I only see actions which were allowed. Do I have to edit each action manually and change the configured action from alert to drop?

2018-10-02T09:17:28.703243+0200   allowed   WAN   80.218.168.190   53516   23.205.182.44   443   SURICATA STREAM Last ACK with wrong seq   
2018-10-02T08:43:02.760728+0200   allowed   WAN   80.218.168.190   60441   203.119.201.255   443   SURICATA TLS error message encountered   
2018-10-02T08:43:02.252406+0200   allowed   WAN   203.119.201.255   443   80.218.168.190   60441   SURICATA Applayer Detect protocol only one direction   
2018-10-02T08:43:02.252406+0200   allowed   WAN   203.119.201.255   443   80.218.168.190   60441   SURICATA TLS error message encountered

I expected that if I change the Filter Action of the rulesets to drop, they will be dropped automatically.

Thank you very much for your help.

Regards Manuel