Messages - romans6

#1
OPNSense looks solid. Let me know if anything changes. Can't wait to use it with my setup.
#2
Quote from: chemlud on April 06, 2019, 08:21:55 PM
IMHO there is no suricata with IPS in pfsense. IDS is doing fine on both senses...

@chemlud Let me know if you want to know how to actually enforce IPS on PFSense using VLAN/PPPoE until they get it working on OPNSense. Would love to help. Was hoping to switch over to OPNSense.

Screenshots Here:


#3
That example talks about an old version. I am on v19. No chatter since Jan 2018. Wonder if they are still having problems.

I was using PPPoE with Suricata on PFSense just fine; dunno why OPNSense doesn't like it.

Well back to PFSense until OPNSense fixes it. I really love the UI. Bummer I can't use it with PPPoE.

Still wondering about Bulk enable/block. Anyone have any insight on that?
#4
Kinda scratching my head at OPNSense's IPS. I am coming from 4+ years of PFSense. Thought the free ET rulesets from ProofPoint sounded great. Would love to use them.

Context -
Using PPPoE - Broadband
Using VLAN tagging to talk to the ONT on the side of my house
Tokens and OinkCodes are all working and valid
Enabled: Intrusion Detection
Enabled: IPS Mode
Enabled: Promiscuous Mode - Due to VLAN and IPS, like the help says
Enabled: Syslog Alerts - So I can see if the rules work and tune if needed
Pattern Matcher: Hyperscan - Faster, but also tried Aho
Interfaces: WAN - For now

1. Not seeing anything under alerts. In PFSense I would see rules as they are hit.
2. Download tab - "Super Easy" to select and enable all and download.
3. Rules tab - Great I see all my rules and can choose to enable.

Q 1: Why don't I see anything under alerts?
Q 2: Is there an easy way to set DROP to all on the download tab?
Q 3: Is there an easy way to set DROP to all on the rules tab? Not all in the view by clicking next to SID by 10 - 1000 but "ALL" as in all 49000+. This is where PFSense shines.
Q 4: Is there an easy way to "Enable" all in the rules tab akin to the DROP all question. By all I mean all 49000+. Again, this is where PFSense shines.