IDS/Intrusion Detection: Policy doesn't seem to change Rules at all

schuc · November 08, 2021, 01:37:42 AM

In IDS, I have created a policy to change ALL rules to disabled. Yet, when I look at the rules, there are a few that are checked/enabled. I can't manually check/uncheck them but I may create another post for that.

Please have a look at the following screenshots and let me know if something in the setup looks wrong to you:

Thanks and I appreciate any suggestions.

This is on a Protectli FW4B running OpnSense 21.7.4 and Suricata 6.0.3_3.

Fright · November 08, 2021, 07:52:14 PM

what is indicated in the "matched_policy" field for the "ET P2P Phatbot Control Connection" rule when you click on the edit button?

IDS/Intrusion Detection: Policy doesn't seem to change Rules at all

schuc

November 08, 2021, 01:37:42 AM

Fright

November 08, 2021, 07:52:14 PM #1