Messages - abranca

#1
Hi, I link to this discussion to ask for clarification.
I have OPNsense virtualized on Proxmox with a network card with 2 dedicated ports (1 for WAN and one for LAN).
I have created VLANs on my LAN, in the interface settings I have Hardware CRC, Hardware TSO, Hardware LRO checked (so all disabled) and VLAN Hardware Filtering disabled.

In IPS I have Promiscuous mode enabled but I am not clear on the Interfaces part. Do I have to select LAN because the VLANs are on this physical interface? Why not select the interface assigned to the VLAN?

Thanks for the clarification
#2
Do you happen to have Suricata running? I had the same problem, but after stopping and restarting the service the memory was freed.
#3
Hi, I am adding to this post.
I also have the same problem and I have created the rule following what is stated in this post, but the machine still navigates.

I am attaching two screenshots.
#4
Hi guys,
I have had a problem for a couple of days.
I can no longer access my PC remotely with AnyDesk or TeamViewer.
The firewall rules have not changed.
I have a rule for remote desktop on a non-standard port and it works perfectly, while all other connections with AnyDesk and TeamViewer are rejected by the "Default deny rule", but until two days ago everything worked perfectly.

I have GeoIP and IDS block active with automatic rule updates, not IPS because I have a PPPoE connection.

I enclose a screenshot.
Thank you all for your help.
#5
20.7 Legacy Series / Re: info ids rules and action
November 28, 2020, 02:32:06 PM
Thank you for the clarification
#6
20.7 Legacy Series / info ids rules and action
November 25, 2020, 05:28:03 PM
Hello everyone,
I have a question about the IDS system.

I have activated IDS, not IPS because I am on PPPoE, and enabled ET xxxx rules, all with drop mode. I receive alerts for these rules but instead of being blocked they are accepted.

I took a sample, of which I enclose screenshots:
Rule ET COMPROMISED Known Compromised or Hostile Host Traffic group 218 is set in drop mode, and in the alert the action is "allowed".

Shouldn't it be "blocked"?

Thanks to all