OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of abranca »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - abranca

Pages: [1]
1
Intrusion Detection and Prevention / Re: IPS in VLAN only environment
« on: May 04, 2023, 11:18:58 am »
Hi I link to this discussion to ask for clarification.
I have OPNsense virtualized on proxmox with a network card with 2 dedicated ports (1 WAN and one for LAN).
I have created VLANs on my LAN, in the interface settings I have Hardware CRC, Hardware TSO, Hardware LRO checked (so all disabled) and VLAN Hardware Filtering disabled.

In IPS I have Promiscuous mode enabled but I am not clear on the Interfaces part. Do I have to select LAN because the VLANs are on this physical interface? Why not select the interface assigned to the VLAN?

Thanks for the clarification

2
Italian - Italiano / Re: 21.7.4 - ancora problemi di swap e memoria
« on: July 28, 2022, 11:45:23 am »
hai attivo per caso suricata? io avevo lo stesso problema ma fermando e riavviando il servizio la memoria si è svuotata.

3
General Discussion / Re: Blocking single device by IP access to Internet
« on: July 28, 2022, 11:41:26 am »
Hi, I am adding to this post.
i also have the same problem and i have created the rule following what is stated in this post but the machine still navigates.

i am attaching two screenshots.

4
General Discussion / [solved] anydesk and teamviewer are blocked
« on: December 02, 2020, 10:41:36 am »
Hi guys,
I have a problem for a couple of days.
I can no longer access my pc remotely with anydesk or teamviewer.
The firewall rules have not changed.
I have a rule for remote desktop on non-standard port and it works perfectly, while all other connections with anydesk and teamviewer are rejected by the "Default deny rule", but until two days ago everything worked perfectly.

I have active GeoIP and IDS block with automatic rule update, not IPS because I have pppoe connection.

I enclose a screenshot.
Thank you all for your help.

5
20.7 Legacy Series / Re: info ids rules and action
« on: November 28, 2020, 02:32:06 pm »
Thank you for the clarification

6
20.7 Legacy Series / info ids rules and action
« on: November 25, 2020, 05:28:03 pm »
hello everyone,
I have a question about the IDS system.

I have activated IDS, not IPS because I am in pppoe, and enabled ET xxxx rules, all with drop mode. I receive alerts for these rules but instead of being blocked they are accepted.

I took a sample of which I enclose screenshots:
rule ET COMPROMISED Known Compromised or Hostile Host Traffic group 218 set in drop mode and in the alert the action is "allowed".

shouldn't it be "blocked"?

thanks to all

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2