Topic: IPS Rules empty (Read 1916 times)
anthael
Newbie
Posts: 3
Karma: 0
IPS Rules empty « on: August 17, 2021, 11:02:43 am »
Hi
Since the new version 21.7 was deployed, I have noticed issues running Suricata.
I have spotted the following issues unless the alert tab is correctly filled up:
- the rule list is empty but the rules are working, but it makes it impossible for me to add a rule to ignore a specific rule, i.e. https://x.x.x.x/ui/ids#rules (I have tried to select all the filters possible)
- the rules are always set to alert and no blocking (I guess the problem came with the new config)
My basic config here is:
Version
- OPNsense : 21.7.1
- Architecture : amd64
- Type : Community
Module installed
- os-intrusion-detection-content-pt-open 1.0_1
- os-intrusion-detection-content-snort-vrt 1.1_1
- os-etpro-telemetry 1.5
Module activated
- snort_vrt.oinkcode
- et_telemetry.token (registered)
Config applied
- IPS mode
- Promiscuous mode
- Pattern matcher : hyperscan
- Interfaces : all
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: IPS Rules empty « Reply #1 on: August 17, 2021, 03:46:21 pm »
It's caused by faulty data in pt-open rules.
Cheers,
Franco
Fright
Hero Member
Posts: 1777
Karma: 164
Re: IPS Rules empty « Reply #2 on: August 17, 2021, 05:49:00 pm »
Hi
Can you add screenshots of the enabled rulesets in the "download" tab and the Rules tab?
If "PT Research ruleset" is enabled then I agree with @franco - the matter is in incorrect metadata of the PT-research rules (https://github.com/opnsense/core/commit/3f73088673973676a4f8d42c1da0134d9c6ac82f should help)