OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 20.7 Legacy Series »
  • info ids rules and action
« previous next »
  • Print
Pages: [1]

Author Topic: info ids rules and action  (Read 2747 times)

abranca

  • Newbie
  • *
  • Posts: 6
  • Karma: 0
    • View Profile
info ids rules and action
« on: November 25, 2020, 05:28:03 pm »
hello everyone,
I have a question about the IDS system.

I have activated IDS, not IPS because I am in pppoe, and enabled ET xxxx rules, all with drop mode. I receive alerts for these rules but instead of being blocked they are accepted.

I took a sample of which I enclose screenshots:
rule ET COMPROMISED Known Compromised or Hostile Host Traffic group 218 set in drop mode and in the alert the action is "allowed".

shouldn't it be "blocked"?

thanks to all
Logged

Fright

  • Hero Member
  • *****
  • Posts: 1777
  • Karma: 164
    • View Profile
Re: info ids rules and action
« Reply #1 on: November 25, 2020, 05:44:47 pm »
Hi
Quote
I have activated IDS, not IPS because I am in pppoe, and enabled ET xxxx rules, all with drop mode. I receive alerts for these rules but instead of being blocked they are accepted.
that's the difference between IDS and IPS
Logged

abranca

  • Newbie
  • *
  • Posts: 6
  • Karma: 0
    • View Profile
Re: info ids rules and action
« Reply #2 on: November 28, 2020, 02:32:06 pm »
Thank you for the clarification
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 20.7 Legacy Series »
  • info ids rules and action
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2