Emergingthreats.net community rules

Hello

I'm new to IPFire. Which categories are best for a standard home network? All categories?

Hello @johnytheboar

Welcome to the IPFire community.

Definitely do not select every ruleset in the Emerging Threats provider. You will end up consuming memory for running rules that will never trigger on your network if, for instance, you do not have a mail server on your network, or you will end up blocking some of your own wanted traffic, such as, for instance, OS updates via apt-get as used by Debian and Ubuntu.

Unfortunately there is no simple answer, “select these rulesets and it will work for your home network”.

Your home network and mine could likely be very different and therefore require different tailoring of the ruleset selections.

Your best approach is to read the guidance in the IPFire documentation on ruleset providers and ruleset selection.

https://www.ipfire.org/docs/configuration/firewall/ips

https://www.ipfire.org/docs/configuration/firewall/ips/rulesets

https://www.ipfire.org/docs/configuration/firewall/ips/rule-selection

The third link above is the one that gives guidance on the approach to use in selecting the rulesets and the rules within them to meet your network requirements.

Also note the information in the documentation that you can set a specific ruleset provider into “monitor only” mode.
This way you can turn on some rulesets and then review the logs after a few days to see if they identified traffic that you would like to stop or if they triggered on things that would have caused your required traffic to be blocked (false positives). Once happy with the traffic being triggered you can then uncheck the “monitor only” mode and it will start to block any triggered traffic.

4 Likes
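An added example, not part of the posts above and not IPFire's own tooling: one way to do the "review the logs after a few days" step from the answer, by grouping alerts per rule so you can see which rules fire, how often, and which hosts are involved before turning off "monitor only". It assumes the alerts are in the Suricata fast.log line layout; the sample lines, SIDs, messages and addresses are constructed.

```python
import re

# Constructed sample in the Suricata "fast.log" alert layout (an assumption about
# the log format; every SID, message and address below is made up).
SAMPLE_LOG = """\
03/02/2025-08:15:01.000001  [**] [1:9000001:1] EXAMPLE POLICY package manager User-Agent outbound [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 192.168.1.20:51514 -> 198.51.100.7:80
03/02/2025-08:15:03.000002  [**] [1:9000001:1] EXAMPLE POLICY package manager User-Agent outbound [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 192.168.1.21:40022 -> 198.51.100.7:80
03/02/2025-09:40:10.000003  [**] [1:9000002:3] EXAMPLE SCAN inbound SSH probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.9:44321 -> 192.168.1.1:22
03/03/2025-08:15:02.000004  [**] [1:9000001:1] EXAMPLE POLICY package manager User-Agent outbound [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 192.168.1.20:51600 -> 198.51.100.7:80
this line is not an alert and is skipped
"""

ALERT_RE = re.compile(
    r"\[\*\*\] \[\d+:(?P<sid>\d+):\d+\] (?P<msg>.*?) \[\*\*\] "
    r"\[Classification: (?P<cls>[^\]]*)\] \[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>[^}]+)\} (?P<src>\S+) -> (?P<dst>\S+)"
)

def host(endpoint):
    """Strip the trailing :port from 'address:port' (works for IPv4 and IPv6)."""
    return endpoint.rsplit(":", 1)[0]

def summarize(log_text):
    """Group alerts by SID: hit count, message, priority, hosts involved."""
    hits = {}
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if m is None:
            continue  # not an alert line
        e = hits.setdefault(m["sid"], {"msg": m["msg"], "cls": m["cls"],
                                        "prio": int(m["prio"]), "count": 0,
                                        "sources": set(), "dests": set()})
        e["count"] += 1
        e["sources"].add(host(m["src"]))
        e["dests"].add(host(m["dst"]))
    return hits

def report(hits):
    """One line per rule, noisiest first, for a keep/disable decision."""
    rows = sorted(hits.items(), key=lambda kv: (-kv[1]["count"], kv[0]))
    return [f"{e['count']:>4}x sid={sid} prio={e['prio']} {e['msg']} "
            f"src={sorted(e['sources'])} dst={sorted(e['dests'])}"
            for sid, e in rows]

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG))))
```

A rule that fires repeatedly from your own clients toward a destination you recognise, as the first constructed rule does here, is a candidate false positive to disable before blocking is enabled.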

Thanks, dear Adolf.