English Forums > Intrusion Detection and Prevention

Rules on Aliases and Timebased

(1/1)

mlembke:
Hi,

i would like to use the Games Rules to block Traffic of Devices.
So at the moment i'm performing it manually with changing from alert -> drop and vice versa.

It would be a greate feature to allow it on a devicelist. Like an Alias of hosts.
They have reservations in DHCP, so a fixed IP. I would like to make an hostgroup and to define the Rulescategory
ET-Games on it.

Furthermore an time accounting would be greate. So it use a scheduled timeframe as alert and drop.

Best Regards
Markus Lembke

franco:
Hi Markus,

This is a very complex request sowing firewall aliases, schedules, dhcp leases and intrusion detection together into one feature.

This will be hard to implement in a reasonable time frame.

What would be your first step?


Cheers,
Franco

mlembke:
Hi Franco,

i think first of all it would be great to make it time based.
That should be not to hard i think.

Something like a cron job enabling or disabling rules grouped together in a simple container.
Selecting the rules and put it inside. When editing the conainer, you can change the content and on
saving the changes, the current container will be disabled, the new one will be saved and on the next schedule
it will be enabled.

Maybe there could be a button to manually enable/disable them.

Best Regards
Markus

Navigation

[0] Message Index