OPNsense Forum » Archive » 17.1 Legacy Series » Intrusion Detection Clarification
Topic: Intrusion Detection Clarification (Read 6782 times)
abel408 (Newbie, Posts: 35, Karma: 1)
Intrusion Detection Clarification
« on: July 20, 2017, 05:52:36 pm »
Hello!
I'm in the process of setting up intrusion protection with Suricata and I am a bit confused after looking at the options and reading the documentation.
What does the "IPS Mode" setting exactly do? I see that it says it blocks traffic. What kind of traffic? Does it block all my rules, even the ones that I have set to alert only?
I want to be able to pick and choose which rules should be blocked, which rules should log alerts and allow, and which rules should be ignored. Does IPS mode need to be enabled to do this?
bartjsmit (Hero Member, Posts: 2014, Karma: 194)
Re: Intrusion Detection Clarification
« Reply #1 on: July 20, 2017, 06:33:57 pm »
IDS = intrusion detection system
IPS = intrusion protection system
IDS alerts you about bad traffic and IPS blocks it. The choice is global - i.e. you can't block on some rules and alert on others.
Bart...
abel408 (Newbie, Posts: 35, Karma: 1)
Re: Intrusion Detection Clarification
« Reply #2 on: July 20, 2017, 06:58:03 pm »
OK... I found out that without IPS enabled, my rules will just alert me (even if they are labeled as block). So it appears that IPS does need to be enabled to block traffic. I am then able to pick and choose which rules will just alert and allow traffic and which rules should alert and drop traffic.
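The behaviour described in Reply #1 and Reply #2 (IDS mode only ever alerts; with IPS mode on, the per-rule action decides whether a match is logged and allowed or logged and dropped) can be checked from the rules and the logs rather than by trial. The script below is an added example written for this thread, not code from OPNsense or Suricata. It assumes plain Suricata rule syntax and Suricata's EVE JSON alert format, where each alert record carries `alert.action` set to `"allowed"` or `"blocked"`; the rule lines and EVE records embedded in it are constructed sample data. `plan()` predicts what each rule does in each mode, `audit_eve()` tallies allowed vs blocked alerts per signature, and `drop_rules_still_allowing()` flags drop rules whose alerts were only allowed, which is what you see when IPS mode is not actually engaged.

```python
"""Classify Suricata rule actions and audit EVE JSON alerts to see whether
IPS mode is really blocking. Added example; sample data is constructed."""
import json
import re

# Suricata rule header: ACTION PROTO SRC SPORT DIR DST DPORT (options)
RULE_RE = re.compile(
    r"^\s*(?P<action>alert|drop|pass)\s+\S+\s+\S+\s+\S+\s+(?:->|<>)\s+"
    r"\S+\s+\S+\s+\((?P<opts>.*)\)\s*$"
)

# Constructed rules: one alert-only rule and one drop rule.
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"CONSTRUCTED alert-only test"; sid:1000001; rev:1;)',
    'drop tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"CONSTRUCTED drop test"; sid:1000002; rev:1;)',
    '# comment lines and blank lines are ignored',
]

# Constructed EVE JSON records, one per line as Suricata writes eve.json.
SAMPLE_EVE = [
    '{"event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.5","alert":{"action":"allowed","signature_id":1000001,"signature":"CONSTRUCTED alert-only test"}}',
    '{"event_type":"alert","src_ip":"192.0.2.11","dest_ip":"198.51.100.5","alert":{"action":"allowed","signature_id":1000001,"signature":"CONSTRUCTED alert-only test"}}',
    '{"event_type":"alert","src_ip":"192.0.2.12","dest_ip":"198.51.100.5","alert":{"action":"blocked","signature_id":1000002,"signature":"CONSTRUCTED drop test"}}',
    '{"event_type":"alert","src_ip":"192.0.2.13","dest_ip":"198.51.100.5","alert":{"action":"allowed","signature_id":1000002,"signature":"CONSTRUCTED drop test"}}',
    '{"event_type":"flow","src_ip":"192.0.2.10","dest_ip":"198.51.100.5"}',
]


def parse_rule(line):
    """Return {'action', 'sid', 'msg'} for a rule line, or None for non-rules."""
    m = RULE_RE.match(line)
    if not m:
        return None
    opts = m.group("opts")
    sid = re.search(r"\bsid\s*:\s*(\d+)", opts)
    msg = re.search(r'\bmsg\s*:\s*"([^"]*)"', opts)
    return {
        "action": m.group("action"),
        "sid": int(sid.group(1)) if sid else None,
        "msg": msg.group(1) if msg else "",
    }


def effective_action(rule_action, ips_mode):
    """What a matching packet gets.

    Without IPS (inline) mode Suricata only observes traffic, so a 'drop' rule
    can do no more than log an alert. With IPS mode on, 'alert' rules still log
    and let the packet through, while 'drop' rules log and discard it.
    """
    if rule_action == "pass":
        return "allow-silently"
    if rule_action == "drop" and ips_mode:
        return "alert-and-block"
    return "alert-and-allow"


def plan(rule_lines, ips_mode):
    """Map each rule's sid to its effective behaviour in the given mode."""
    out = {}
    for line in rule_lines:
        rule = parse_rule(line)
        if rule and rule["sid"] is not None:
            out[rule["sid"]] = effective_action(rule["action"], ips_mode)
    return out


def audit_eve(eve_lines):
    """Count allowed vs blocked alerts per signature id; non-alert events are skipped."""
    summary = {}
    for line in eve_lines:
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue
        alert = rec["alert"]
        counts = summary.setdefault(alert["signature_id"], {"allowed": 0, "blocked": 0})
        action = alert.get("action", "allowed")
        counts[action] = counts.get(action, 0) + 1
    return summary


def drop_rules_still_allowing(rule_lines, eve_lines):
    """Sids of 'drop' rules that produced 'allowed' alerts: a sign that IPS mode
    was not active on that interface when those packets were seen."""
    drop_sids = {r["sid"] for r in map(parse_rule, rule_lines) if r and r["action"] == "drop"}
    summary = audit_eve(eve_lines)
    return {sid for sid in drop_sids if summary.get(sid, {}).get("allowed", 0) > 0}


if __name__ == "__main__":
    for mode in (False, True):
        print("IPS mode" if mode else "IDS only", plan(SAMPLE_RULES, mode))
    print(audit_eve(SAMPLE_EVE))
    print("drop rules with allowed alerts:", drop_rules_still_allowing(SAMPLE_RULES, SAMPLE_EVE))
```

On a real box, feed `audit_eve()` the lines of the EVE log and `plan()` the active rule file; a drop rule that only ever shows `allowed` means the rule is being matched but nothing is inline to discard the packet.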