Geo blocking & IPS

I’m curious…

Just say I block incoming traffic from all locations / countries (I’m on core 148 and therefore using new libloc) - does it therefore become pointless to also have Intrusion Prevention features enabled?

Regards,

Hi,

no, since an IPS provides more insight in network connections than a packet filter
can do. For example: Outgoing connections might be initiated by malware for C&C communication,
port scanning, or sending spam.

When it comes to web-based traffic, you might want to know about anomalies such as TLS
traffic anomalies, browser exploits, and various other malicious activities.

An IPS extends the functionality of IPFire. It cannot replace a good firewall ruleset,
and vice versa.

Thanks, and best regards,
Peter Müller

1 Like

@pmueller

Had totally overlooked other traffic such as outbound connections and stateful responses to web browsing.

Thanks for taking time to respond and fill in some missing blanks for me.

R