Change Action to Drop in bulk

[HenrysCat]

Under Services > Intrusion Detection > Administration is there an easy way to set all enabled to Drop, I have spent the best part of an hour searching to no avail, the list 60814 entries and I can show max 1000 per page, and if I select Filters > status/enabled nothing changes.

I'm sure I'm missing something obvious but just can't find it.

Thanks all.

[errored out]

List all the rule you want to configure to drop.  Click the check box at the top of the list (to the left of sid).  This will select (check) all the rules listed below the sid checkbox and click on drop of the bottom of the rule list (below the last rule)

[HenrysCat]

I found that but there are 60k to go through, not really practical.

Is there any clear documentation or forum post on how to configure the policy section, again I have searched but found nothing useful.

Thanks

[errored out]

I don't remember enabling the rules.  I believe they were already enabled by default; at least the important ones.  I.E. DOS, malware, trojans, etc.    Are all the rules disabled by default? 

Thanks for helping me on my other thread.
https://forum.opnsense.org/index.php?topic=21573.0

[mimugmail]

Under Services > Intrusion Detection > Administration is there an easy way to set all enabled to Drop, I have spent the best part of an hour searching to no avail, the list 60814 entries and I can show max 1000 per page, and if I select Filters > status/enabled nothing changes.

I'm sure I'm missing something obvious but just can't find it.

Thanks all.

In Tab Downloads per category should be one

[Superduke]

Under Services > Intrusion Detection > Administration is there an easy way to set all enabled to Drop, I have spent the best part of an hour searching to no avail, the list 60814 entries and I can show max 1000 per page, and if I select Filters > status/enabled nothing changes.

I'm sure I'm missing something obvious but just can't find it.

Thanks all.

In Tab Downloads per category should be one

I was searching for the same functionality since the 21.1 migration.  I haven't found one yet and there is nothing shown in the Downloads tab of note.....has anyone solved this yet?  Seems pointless that an IDS/IPS can't prevent without hours of mindless clicking 'enable'.....

[HenrysCat]

I finally figured it out, you have to set up a policy.
Under Rulesets tick the ones you want then set up as in screenshot.

[Superduke]

Thank you.....I did have a policy set up, but the alerts log still seemed to show that it wasn't blocked or dropped.

But I deleted that one and created a new one just in case.  FWIW, I ran a speedtest and my performance goes WAY down....since the 21.1 migration, suricata isn't playing nice....not sure why.