Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Deleting rulesets
« previous
next »
Print
Pages: [
1
]
Author
Topic: Deleting rulesets (Read 3754 times)
CoffeePacketFilter
Newbie
Posts: 2
Karma: 0
Deleting rulesets
«
on:
August 07, 2019, 03:28:01 pm »
I'm a PFSenese user trying out OPNSense for the first time. I like OPNSense and, overall, have found the GUI and feature integration a major plus, currently running 19.7.2-amd64.
I'm experimenting with IDS for the first time and would like to download rulesets, poke around and test, and then scrap and start over as this is a test install. So far, however, I've found no way in the GUI to remove a downloaded ruleset. This isn't mentioned in the documentation nor have I found it in the forum (yet), beyond using the CLI. Since I'm just running test configurations it is difficult to manage the hundreds of rules that a test rulesets can add. I assume that I'm missing something obvious and would very much like to avoid having to maintain sshd on my firewall just to remove rules/rulesets using the CLI. Help?
Logged
franco
Administrator
Hero Member
Posts: 17675
Karma: 1613
Re: Deleting rulesets
«
Reply #1 on:
August 21, 2019, 05:31:43 pm »
Hi there and welcome,
Cleanup should be automatic. There were some patches in 19.1.x if I remember correctly. Do you see something to the contrary?
Cheers,
Franco
Logged
CoffeePacketFilter
Newbie
Posts: 2
Karma: 0
Re: Deleting rulesets
«
Reply #2 on:
August 29, 2019, 06:23:57 pm »
Just in case I'm missing something this is where I am:
I enabled the 'ET open/botcc' ruleset and then downloaded the rules in the Services > Intrusion Detection > Administration > Download tab. They installed and I can see them in the 'Rules' tab and here: /usr/local/etc/suricata/opnsense.rules/botcc.rules here: /usr/local/etc/suricata/rules/botcc.rules and listed here: /usr/local/etc/suricata/installed_rules.yaml. These remain in the installed_rules.yaml and present in the 'Rules' tab and above directories even after I disable the ruleset in the 'Download' tab. I have not at any point enabled any of the rules. I can't seem to find any location in the GUI where I can delete rules or rulesets, just enable/disable in the 'Download' tab. I just updated to OPNsense 19.7.3 today, no change. I have tried Chrome, Firefox, and Safari.
My intent has been just to poke around before actually doing any live testing (this is my test firewall, not live) and would like to be able to try some things out, do some performance testing, wipe it clean (including rules I am not using), try something else, etc. but the 'wipe clean' option I can't seem to find. I can attach logs or screenshots upon request.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Deleting rulesets