Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Where does the IDS sniff the packets?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Where does the IDS sniff the packets? (Read 1890 times)
thomas-hn
Newbie
Posts: 33
Karma: 0
Where does the IDS sniff the packets?
«
on:
October 07, 2020, 05:59:33 pm »
Hello,
how does the IDS (Services => Intrusion Detection) receive the incoming packets?
Is it getting the packets before the Firewall? I'm asking, because my IDS is currently listening to LAN & WAN and on the WAN side I see a lot of traffic to ports which are closed in the Firewall.
Can someone confirm please, that the IDS sniffs before the Firewall?
Thanks,
Thomas
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Where does the IDS sniff the packets?
«
Reply #1 on:
October 08, 2020, 06:12:35 am »
Yes it does, firewall is in kernel, IDS bit more near nic, so you cant drop first via pf
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
siga75
Full Member
Posts: 185
Karma: 11
Re: Where does the IDS sniff the packets?
«
Reply #2 on:
October 09, 2020, 02:51:17 pm »
Quote from: mimugmail on October 08, 2020, 06:12:35 am
Yes it does, firewall is in kernel, IDS bit more near nic, so you cant drop first via pf
Not sure this is the reason, NIC drivers are part of the kernel, even if a dynamically loaded module, and also run in system mode in order to access the hardware
Logged
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Where does the IDS sniff the packets?
«
Reply #3 on:
October 09, 2020, 05:43:21 pm »
Yes, but pf comes after IPS (incoming direction), thats a fact
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Where does the IDS sniff the packets?