OPNsense Forum » Archive » 16.1 Legacy Series » Load default rules in Intrusion Detection
Topic: Load default rules in Intrusion Detection (Read 6090 times)
enoch85
Load default rules in Intrusion Detection
« on: June 05, 2016, 01:02:04 am »
So, I played around with Intrusion Detection and enabled rules that I thought would be nice to have (DOS, Trojan, Scan Feodo Tracker), hit apply and now I can't browse until I turn Intrusion Detection off. Just removing "Enabled" didn't help as the rules are still enabled when I go to "Rules", something to improve imo.
Is there any way to load the "default rules" or delete all the current rules and start over? If I check rules I have >58000 entries and need to manually remove each one. I will be done when I'm 100 years old.
Also, are there any rules that you recommend? I run an ESXi server with some domains over SSL and I would really want some more security if possible.
Thanks!
AdSchellevis
Re: Load default rules in Intrusion Detection
« Reply #1 on: June 05, 2016, 10:59:32 am »
Hi enoch85,
Did you apply your changes? (download & apply when changing complete rulesets, apply when changing specific rules)
Download / Apply should also remove the uninstalled sets.
Same comment on GitHub too: can you please only add issues on GitHub for missing features or if the outcome of the forum thread is that it is (looks like) a bug.
(for more info about creating issues, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md)
As for the recommended rules, the abuse.ch sets are pretty useful with very few false positives, I would start with those and test again. If all works, then add some of the ET rulesets, like malware, trojan.
Best regards,
Ad
enoch85
Re: Load default rules in Intrusion Detection
« Reply #2 on: June 05, 2016, 12:23:07 pm »
Yes, the rules I applied were removed when I clicked "Download & Update Rules". Thanks!
After that I got the "default rules" left - 21 entries that were enabled. I then clicked Enable --> Apply, and the same issue occurred, I could browse but it was very slow and most pages didn't work. So not even the "default rules" worked. Am I doing something wrong?
Btw, I'm on IRC.
AdSchellevis
Re: Load default rules in Intrusion Detection
« Reply #3 on: June 05, 2016, 01:06:27 pm »
It's probably an issue with netmap in combination with your network driver. Which type of network card is configured in ESXi, and do you have all hardware offloading features disabled?
enoch85
Re: Load default rules in Intrusion Detection
« Reply #4 on: June 06, 2016, 01:47:06 pm »
I use VMNET3 for the Network, and this is what my config looks like in the firewall: