23.7 Legacy Series / IDS/IPS and passlists
« on: August 02, 2023, 06:03:31 pm »
All,
Looking to get some initial understanding/validation - considering the move from another pf-based firewall to OPNsense due to a critical issue: the other platform has apparently stopped supporting passlists on "inline mode" interfaces for Suricata, thus preventing the ability to ensure that certain source/destinations pass without false positive blocking (review validates that the packets are not an issue) while still maintaining the ability to apply various rules to all other [arbitrary] destinations. The lesser of two evils appears to be allowing certain source/destinations so that various rules do not have to be disabled for all other sources/destinations. This shifts certain aspects from the firewall layer to the client layer, but maintains greater protection for all other source/destinations within the firewall.
Is someone able to confirm/deny whether passlists are viable on inline mode interfaces and those passlists can contain multiple [auto updated] URL/Table lists?
Thanks!