
Messages - dot1x

#1
I just restarted the firewall. It was still the same problem.

I tried messing around with the Policies. I did set it to disable and now my "emerging threat scan" rules work, like I defined them in the rules tab with "drop".

I enabled the policy again, with the rule inside, and it goes back to alert only. All other included rules in the policy go to drop.

So for now I take out the scan rule package from the policy and set them to manually drop. This works in my case.

#2
I have the same problem.

Policies just don't work as expected on my side.

Included all my installed Rules. Set them to drop.

Some are now dropping, some are not, like port scans and SQL injection attempts etc. etc.

I went so far that I changed the scan rules themselves to drop. But guess what. They are still coming through.

I even clicked on the triggered alert; it showed me action allowed. But down in the dropdown it says rule action is set to "drop".

Like I don't understand it anymore.

#3
Hey there.

I have a problem in the IPS of OPNsense.

I did download and enable some rules and I see them all hitting in the alert tab. I also created a Policy including all downloaded rules to set them to drop.

When I now look at the alert tab, I see that requests get dropped, like Network Trojan and many other things.

But when it comes to the emerging threats scan category, everything is allowed. I tried different NMAP scans; they all get detected but are allowed, and not like I would like to have them, on "drop".

So I thought something must be wrong or bugged with the policy. So I set all corresponding emerging threats scan rules to drop in the "rules" tab.

Restarted Suricata, restarted the firewall itself. But still, different rules, not just scan, just get allowed. How is this possible when I did set them to drop via policy and rule tab?

Thanks for any help :)
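The symptom in posts #2 and #3 is a rule that is configured as "drop" but whose alerts still report the action as "allowed". One way to check this outside the GUI is to compare the action keyword in the rules file Suricata actually loads against the `alert.action` field in its EVE JSON log. The script below is an added example, not code from the thread or from OPNsense or Suricata; the rule lines, sids (9000001-9000004) and log lines are constructed for the example, and the rules file path on a real install is left to the reader.

```python
"""Audit Suricata rule actions against what the EVE alert log reports.

Added example (not from the forum thread or the OPNsense project): given
the text of a rules file and EVE JSON alert lines, list enabled rules that
are still "alert" rather than "drop", and rules whose logged action
contradicts the action written in the rules file.
"""
import json
import re

# A Suricata rule line starts with its action keyword (alert, drop, pass,
# reject); a leading '#' means the rule is disabled.
RULE_RE = re.compile(r'^\s*(?P<disabled>#)?\s*(?P<action>alert|drop|pass|reject)\s+')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
MSG_RE = re.compile(r'msg\s*:\s*"([^"]*)"')


def parse_rules(rules_text):
    """Return {sid: {"action", "msg", "enabled"}} for every rule line."""
    rules = {}
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        sid_m = SID_RE.search(line)
        if not sid_m:
            continue
        msg_m = MSG_RE.search(line)
        rules[int(sid_m.group(1))] = {
            "action": m.group("action"),
            "msg": msg_m.group(1) if msg_m else "",
            "enabled": m.group("disabled") is None,
        }
    return rules


def rules_not_dropping(rules, expected="drop"):
    """Sids of enabled rules whose action in the rules file is not `expected`."""
    return sorted(sid for sid, r in rules.items()
                  if r["enabled"] and r["action"] != expected)


def mismatched_alerts(rules, eve_lines):
    """Alerts whose logged action contradicts the rule file.

    Suricata's EVE alert records carry alert.action as "allowed" or
    "blocked". Returns a sorted list of (sid, rule_action, logged_action).
    """
    found = set()
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("event_type") != "alert":
            continue
        sid = ev["alert"]["signature_id"]
        logged = ev["alert"]["action"]
        rule = rules.get(sid)
        if rule is None:
            continue
        expected_logged = "blocked" if rule["action"] in ("drop", "reject") else "allowed"
        if logged != expected_logged:
            found.add((sid, rule["action"], logged))
    return sorted(found)


# Constructed sample rules; sids 9000001-9000004 are placeholders, not real ET sids.
SAMPLE_RULES = """
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"SAMPLE SCAN Nmap-like probe"; flags:S; sid:9000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"SAMPLE WEB SQLi attempt"; content:"union select"; nocase; sid:9000002; rev:1;)
# drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"SAMPLE disabled rule"; sid:9000003; rev:1;)
drop tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SAMPLE SSH brute"; sid:9000004; rev:1;)
"""

# Constructed EVE JSON lines in Suricata's alert/flow record shape.
SAMPLE_EVE = [
    '{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"192.0.2.10","alert":{"action":"allowed","gid":1,"signature_id":9000001,"rev":1,"signature":"SAMPLE SCAN Nmap-like probe","category":"Attempted Information Leak","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"192.0.2.10","alert":{"action":"allowed","gid":1,"signature_id":9000002,"rev":1,"signature":"SAMPLE WEB SQLi attempt","category":"Web Application Attack","severity":1}}',
    '{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"192.0.2.10","alert":{"action":"blocked","gid":1,"signature_id":9000004,"rev":1,"signature":"SAMPLE SSH brute","category":"Attempted Administrator Privilege Gain","severity":1}}',
    '{"timestamp":"2024-01-01T10:00:03.000000+0000","event_type":"flow","src_ip":"203.0.113.5","dest_ip":"192.0.2.10"}',
]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    print("enabled rules still alert-only:", rules_not_dropping(rules))
    for sid, rule_action, logged in mismatched_alerts(rules, SAMPLE_EVE):
        print(f"sid {sid}: rules file says {rule_action}, log says {logged}")
```

Two outcomes are worth telling apart. If a sid shows up in `rules_not_dropping`, the policy never changed the rule text that Suricata loads, so the place to look is how the policy and the rules tab are combined into the loaded rules file. If the rule text already says `drop` but the log still reports `allowed`, the rule is correct and the engine is not enforcing it: Suricata can only report `blocked` when it runs inline (IPS mode) on the interface that saw the traffic, and a `drop` rule in plain IDS mode behaves like `alert` and logs the action as `allowed`.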