Topics

1

Intrusion Detection and Prevention / pfsense equivalent to SourceIP/SID whitelisting

« on: January 13, 2024, 03:52:31 pm »

Hello,
I recently switched to opnsense and activated the suricata IPS.
One thing is missing to me is the DHCP lookup and IP whitelisting I got on pfsense snort/suricata interface.
On the attached screenshot, in purple you'll see 2 icons:
- 1 magnifying glass: cliking on it the interface try to resolve for example the local ip thanks to DHCP server registered data. So it is quicker to understand who is doing bad stuff.
- 1 "+ mark" that allow add the couple IP/rule SID to a passlist for example to disable alert for a specific IP/SID.

Is there any equivalent of "+" mark behaviour on opnsense (the one that is missing the most for me), that is defining a pass lsit with src_ip/SID ?
Any plan to add these 2 options?

2

Intrusion Detection and Prevention / [SOLVED] Disabled rules are still popping up into alert tab

« on: January 09, 2024, 11:14:59 am »

Hello,
I've just setup my ids as pictured in opensense_config.jpg.
I've started to disable some rules as pictures in opnsense_disabled_rules.jpg

Sadly the disabled rules keep poping up into the alert viewer. And even clicking on the "pen" icon it is seen as disabled but still detected :/
(see opnsense_disable_rules_visibles.jpg)

Do I miss someting?

3

Virtual private networks / [OpenVPN] Is there a way to define firewall rules based on AD group or user

« on: June 10, 2023, 11:31:49 am »

I'm using openvpn with ldap authentication connected to our windows Active Directory.
When openvpn client connects it uses user and password form AD. (so opnsense has the ability to know if an user is in a specific AD group)
I want to define some specific rules like: if user in "Developer Group" allow ssh to xxx.xxx.xxx.xxx internal IP.
Is there a way to do this on openvpn?
Thx!
(ps: I'm migrating from stormshield, and it has this functionnality)