Hi,
OK, I am very confused now.
For the past years I have used IPFire, and I enabled almost all the blacklists I could find and load, or the IPS lists were always on.
And the number of hits and log entries was always the same, always from 8K to 12K hits daily on red. And I thought this would be normal.
So in the last weeks I changed the firewall behaviour to “block” on all, and I created all rules until everything was working. Finally I stopped all scanning on IPFire: no blacklist is loading, IPS was stopped, and for one week I have had max 800 hits a day in the log, mostly from 2 IPs.
So like in quantum physics? I only see what I want to see if I have a look?
I only have hits in the logs if I expect them and have loaded the blocklists?
I don't understand this behavior. Is it only less logging now, or why do I now recognize only 10% of the noise on the internet compared to before?
I expected that the numbers would be equal, but these results I would call a big gap.
greetz all!