OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 16.1 Legacy Series »
  • Load default rules in Intrusion Detection
« previous next »
  • Print
Pages: [1]

Author Topic: Load default rules in Intrusion Detection  (Read 6089 times)

enoch85

  • Newbie
  • *
  • Posts: 5
  • Karma: 0
    • View Profile
Load default rules in Intrusion Detection
« on: June 05, 2016, 01:02:04 am »
So, I played around with Intrusion Detection and enabled rules that I thought would be nice to have (DOS, Trojan, Scan Fedo Tracker), hit apply and now I can't browse until I turn Intrusion Detection off. Just removing "Enabled" didn't help as the rules are still enabled when I go to "Rules", something to improve imo.

Is there any way to load the "default rules" or delete all the current rules and start over? If I check rules I have >58000 entries and need to manually remove each one. I will be done when I'm 100 years old.

Also, are there any rules that you recommend? I run a ESXi server with some domains over SSL and I would really want some more security if possible.

Thanks!
Logged

AdSchellevis

  • Administrator
  • Hero Member
  • *****
  • Posts: 907
  • Karma: 184
    • View Profile
Re: Load default rules in Intrusion Detection
« Reply #1 on: June 05, 2016, 10:59:32 am »
Hi enoch85,

Did you apply your changes? (download & apply when changing complete rulesets, apply when changing specific rules)
Download / Apply should also remove the uninstalled sets.

Same comment on Github too: can you please only add issues on GitHub for missing features or if the outcome of the forum thread is that it is (looks like) a bug.
(for more info about creating issues, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md)

As for the recommended rules, the abuse.ch sets are pretty useful with very little false positives, I would start with those and test again. If all works, then add some of the ET rulesets, like malware, trojan.

Best regards,

Ad


Logged

enoch85

  • Newbie
  • *
  • Posts: 5
  • Karma: 0
    • View Profile
Re: Load default rules in Intrusion Detection
« Reply #2 on: June 05, 2016, 12:23:07 pm »
Yes, the rules I applied was removed when I clicked "Download & Update Rules". Thanks!

After that I got the "default rules" left - 21 enteries that were enabled. I then clicked Enable --> Apply, and the same issue occured, I could browse but it was veery slow and most pages didn't work. So not even the "default rules" worked. Am I doing something wrong?

Btw, I'm on IRC.
Logged

AdSchellevis

  • Administrator
  • Hero Member
  • *****
  • Posts: 907
  • Karma: 184
    • View Profile
Re: Load default rules in Intrusion Detection
« Reply #3 on: June 05, 2016, 01:06:27 pm »
It's probably an issue with netmap in combination with your network driver, which type of network card is configured in ESXi and do you have all hardware offloading features disabled?
Logged

enoch85

  • Newbie
  • *
  • Posts: 5
  • Karma: 0
    • View Profile
Re: Load default rules in Intrusion Detection
« Reply #4 on: June 06, 2016, 01:47:06 pm »
I use VMNET3 for the Network, and this is how my config looks like in the firewall:

Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 16.1 Legacy Series »
  • Load default rules in Intrusion Detection
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2