2 questions IDS/IPS

Started by jodumont, September 27, 2018, 03:32:21 PM

Hi everyone;

1.
My public IP, in fact all IPs of my ISP, are blacklisted by Spamhaus.
If I activate the IPS mode on my WAN and activate the DROP list, what will happen?

2.
If the IPS mode is activated on my LAN interface and I forward ports, are these ports still under the IPS protection, or will the traffic be forwarded before?


You should activate EDROP via Alias and not IPS, way more performant. Then you can add a whitelist in front of the rule.

Thanks for sharing your thoughts, it made me discover a new way of doing it :)
https://wiki.opnsense.org/manual/how-tos/edrop.html

:D