
Author Topic: Custom Rules for IDS/IPS in OPNsense 24.7  (Read 760 times)

secdoc

Custom Rules for IDS/IPS in OPNsense 24.7
« on: August 07, 2024, 10:09:05 pm »
Is there a way to create custom rules for IDS in 24.7?

I am specifically wanting to create an alert for GRE.

Code:
# Alert on GRE traffic to a specific IP
alert ip any any -> {IP ADDRESS} any (msg:"GRE traffic to specific IP"; ip_proto:47; sid:1000002; rev:1;)

# Alert on high-volume GRE traffic
alert ip any any -> any any (msg:"High volume GRE traffic"; ip_proto:47; threshold: type both, track by_src, count 1000, seconds 60; sid:1000003; rev:1;)

The current user defined option does not cut it...



« Last Edit: August 07, 2024, 10:18:58 pm by secdoc »