Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Drop Policy and directly set Rule to "Drop" not working.
« previous
next »
Print
Pages: [
1
]
Author
Topic: Drop Policy and directly set Rule to "Drop" not working. (Read 183 times)
dot1x
Newbie
Posts: 3
Karma: 0
Drop Policy and directly set Rule to "Drop" not working.
«
on:
March 28, 2024, 03:45:09 pm »
Hey there.
I have a Problem in the IPS of OPNsense.
I did download and enable some rules and i see them all hitting in the alert tab. I also created a Policy including all downloaded rules to set them to drop.
When i now look at the alert tab, i see that requests get dropped. Like Network trojan and many other things.
But when it comes to the emerging threads scan category. Everything is allowed. I tried different NMAP scans, they all get detected but are allowed and not like i would like to have them on "drop".
So i thought something must be wrong or bugged with the policy. So i set all corresponding emerging thread scan rules to drop in the "rules" tab.
Restarted Suricata, restartet the firewall itself. But still, different rules not just scan just get allowed. How is this possible when i did set them to drop via policy and rule tab?
Thanks for any help
Logged
Greg_E
Full Member
Posts: 108
Karma: 3
Re: Drop Policy and directly set Rule to "Drop" not working.
«
Reply #1 on:
March 28, 2024, 06:32:26 pm »
After changing them, did you go back to the rules tab and hit apply? I'm guessing you did but thought I would ask.
Otherwise I'm not sure as you did everything else I would recommend. Something I really need to sit down and figure out and it might be a case of messing it up once, and the mess up stays on the machine so wipe the drive and start from a config backup (probably my next step for a couple of reasons).
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Drop Policy and directly set Rule to "Drop" not working.