I’m using IPFire 2.25 (x86_64) - Core Update 142 and I’m still pretty new to using it but everything seems to be working so far.
I have the Firewall > Intrusion Prevention running on all of my interfaces and an using the Emergingthreats.net Community Rules ruleset; I have several of the rulesets checked.
In the Logs > IPS Logs, it appears to show the information of possible attacks to include the names of the attacks. I’m wondering if these listed names are the names that have been checked in the rulesets or if these are the possible attacks that are knocking on the door of my selected interfaces, or a combination of both?
If there was a “Show All” link in the rulesets in the Firewall > Intrusion Prevention, I could check each of the entries in the IPS Logs against the “Show All” displayed and make sure they are checkmarked; copy the name and do a find in the “Show All”. It would be hard to go through each individual ruleset looking for the name. Does that make sense?
Any suggestions would be most helpful. Thank you.