Messages

Don't understand, if it's related to the to the WAN reject rules, that nothing is logged?
The global logging is enabled, logging of the WAN reject rule also.

Hello,

I comming from pfSense and migrated to OpnSense. Not shure, if it's an understanding problem or a other issue.

Using Maltrail, IDS/IPS and Crowdsec. In the floating firewall rules I have some IPBLs blocklist to block incoming and outgoing to ToR, DROP, ET and some more. Also a VoIP NAT into one of the DMZ interfaces.

In the IDS/IPS, Crodsec and Maltrail and also in the firewall log I did not get any log alerts for connection attempts, like some bot nets. I expected, that in Suricatta, Maltrail and these attempts would be alerted.
Some time ago, I got also some Surricata and Maltrail alerts.

I this behaviour OK? Or I am wrong or is there an issue?

Comming from pfSense, I have troubles to get the IDS got working.

I have not get any alerts on the WAN, some few on the LAN. Tried several different pattern matcher, promisc / non promisc, policies and rule enablements, but there are no or only a few alters in the log.

Also the EICAR test was not successful. No alert nor blocking.