Filtering Alerts by severity and lists of blocked IPs

Started by BearaLuxe, May 01, 2025, 09:59:26 AM

May 01, 2025, 09:59:26 AM Last Edit: May 01, 2025, 01:58:13 PM by BearaLuxe
Hi,

I recently moved to OPNsense from pfSense after over a decade of use.

Generally very happy with the switch.

However,

In pfSense I was able to filter alerts by severity 1-3 in the GUI.

How do I do this in OPNsense?

Also in pfSense I could see in the GUI the list of blocked IP addresses when using IPS.

How do I do this in OPNsense?

Thanks


Severity is written into the rule. It could be changed manually, but what for? In OPNsense, decide what you want the rule to do, which is called the action, in IPS mode when triggered: Alert, Drop, Disabled. No matter the severity. They are all severe. The rules are things that should not happen, ever. You may have heard of a false positive; nonsense, no such thing, they are set to trigger for a certain reason. They do have to be adjusted, say if you want to go to social media, because there are rules in OPNsense rulesets that will block that site. These will block beacons. It's about security. Hope that helps a little.
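
Added example (not part of the thread and not OPNsense code): OPNsense's intrusion detection is Suricata, whose EVE JSON log records each alert's `severity` and `action`, so alerts can be filtered by severity and the source IPs of dropped traffic listed straight from the log. The sample lines are constructed, and the log path named in the comment is an assumption about the install.

```python
import json
from collections import Counter

# Constructed sample in Suricata EVE JSON format (one JSON object per line).
# On a live box the same functions can read the EVE log instead
# (assumed path: /var/log/suricata/eve.json).
SAMPLE_EVE = """\
{"event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.5","alert":{"action":"blocked","signature_id":1000001,"signature":"EXAMPLE rule A","severity":1}}
{"event_type":"alert","src_ip":"192.0.2.20","dest_ip":"198.51.100.5","alert":{"action":"allowed","signature_id":1000002,"signature":"EXAMPLE rule B","severity":3}}
{"event_type":"dns","src_ip":"198.51.100.5","dest_ip":"192.0.2.53"}
{"event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.1
{"event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.6","alert":{"action":"blocked","signature_id":1000003,"signature":"EXAMPLE rule C","severity":2}}
{"event_type":"alert","src_ip":"203.0.113.7","dest_ip":"198.51.100.5","alert":{"action":"blocked","signature_id":1000003,"signature":"EXAMPLE rule C","severity":2}}
"""

def parse_alerts(lines):
    """Yield alert events, skipping other event types and malformed lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # e.g. a line truncated while the log was being written
        if (isinstance(event, dict) and event.get("event_type") == "alert"
                and isinstance(event.get("alert"), dict)):
            yield event

def filter_by_severity(events, max_severity):
    """Keep alerts with severity <= max_severity (1 is the most severe)."""
    return [e for e in events
            if isinstance(e["alert"].get("severity"), int)
            and e["alert"]["severity"] <= max_severity]

def blocked_sources(events):
    """Count source IPs of alerts whose recorded action is 'blocked'."""
    return Counter(e["src_ip"] for e in events
                   if e["alert"].get("action") == "blocked" and "src_ip" in e)

if __name__ == "__main__":
    alerts = list(parse_alerts(SAMPLE_EVE.splitlines()))
    for e in filter_by_severity(alerts, 2):
        a = e["alert"]
        print(a["severity"], a["action"], e["src_ip"], a["signature"])
    for ip, hits in blocked_sources(alerts).most_common():
        print(f"{ip}\t{hits} blocked alert(s)")
```

The `action` field reads `blocked` only when the rule's action is Drop and the engine runs in IPS mode; in IDS mode every alert is logged as `allowed`.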