"Quote from: Patrick M. Hausen on April 02, 2026, 12:11:02 PMSince diverting to IDS is handled by explicit firewall rules you could exempt local management traffic from the IDS.
OK, Thank you for advice. I am planning to enable IPS for all rules.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
Intrusion Detection and Prevention / Re: Problem with IPS/IDS Divert Mode
April 03, 2026, 12:15:31 AMOK, Thank you for advice. I am planning to enable IPS for all rules.
#2
Intrusion Detection and Prevention / Re: Problem with IPS/IDS Divert Mode
April 03, 2026, 12:11:22 AMQuote from: Monviech (Cedrik) on April 02, 2026, 12:04:40 PMIts not a bug, you divert the paket decisions to a different service, if its not running nobody can decide, there is no fallback for obvious reasons (what if somebody maliciously stops your IDS service for example)
oh, I get it but I think it will cause some impact if we need maintenance Suricata such as restart it.
#3
Intrusion Detection and Prevention / Problem with IPS/IDS Divert Mode
April 02, 2026, 11:18:59 AM
Hello,
I am using IDS/IPS in divert mode. It works correctly while the service is running. However, when I stop the IDS/IPS service, the rules no longer work. For example, I am not able to SSH to the server even though it should be allow by my rules.
Does it a bug?
I am using IDS/IPS in divert mode. It works correctly while the service is running. However, when I stop the IDS/IPS service, the rules no longer work. For example, I am not able to SSH to the server even though it should be allow by my rules.
Does it a bug?
#4
Intrusion Detection and Prevention / Re: Performance Tunning on Openstack
April 01, 2026, 12:16:48 PMQuote from: Monviech (Cedrik) on April 01, 2026, 11:31:36 AMYou could look into the new divert-to mode which will not use the netmap driver, so it should have better performance in non-optimal environments.
https://docs.opnsense.org/manual/ips.html#general-setup
Thank you much. I will test it. :)
#5
Intrusion Detection and Prevention / Performance Tunning on Openstack
April 01, 2026, 10:52:15 AM
Hello,
I am setting up IPS in an OpenStack environment. It works fine when I use a single NIC, but when I use more than one NIC, I encounter the following errors:
I tried configuring the system with:
dev.netmap.buf_num = 1000000
dev.netmap.admode = 0
dev.netmap.ring_num = 256
dev.netmap.buf_size = 4096
However, it did not work. When I changed dev.netmap.admode to 2, it started working, but only in emulated mode with poor performance.
I would appreciate any advice on how to run IPS efficiently in an OpenStack environment.
Thank you.
I am setting up IPS in an OpenStack environment. It works fine when I use a single NIC, but when I use more than one NIC, I encounter the following errors:
I tried configuring the system with:
dev.netmap.buf_num = 1000000
dev.netmap.admode = 0
dev.netmap.ring_num = 256
dev.netmap.buf_size = 4096
However, it did not work. When I changed dev.netmap.admode to 2, it started working, but only in emulated mode with poor performance.
I would appreciate any advice on how to run IPS efficiently in an OpenStack environment.
Thank you.
Pages1
