Total number of IPS rules activated: 0

I’ve been slowly implementing IPS rules on our business IPFire here, and I thought it was being implemented, but in the web interface, under Logs > IPS Logs, today I noticed it says the total number of IPS rules activated: 0.

I have a few simple questions. I’m using the Talos VRT Rules for registered users and I have the oink code put in place. There are many rules that show up for many categories.

The first question: there’s a checkmark next to the entire section of rules on the top level and by default no category is checked, yet when you click the show button on the right, many categories have sub-items already checked.

Does the top category checkmark have to be checked for the rules underneath it to become active?

For the categories where sub-items are checked, are those enabled automatically?

I have some categories checked on the category level and some on the individual rule level. Why would Logs > IDS show that number of activated rules to be 0?

I have to say that the navigation of the GUI in this area is confusing. If someone could clarify I would appreciate it.

Chris

Hi,

I assume you have read the corresponding documentation. If not, please do so now. :)

> Does the top category checkmark have to be checked for the rules underneath it to become active?

Yes.

> For the categories where sub-items are checked, are those enabled automatically?

If the category above is enabled, yes. If not, no. (Those defaults come from the IPS rule source and are not influenced by IPFire itself.)

> I have some categories checked on the category level and some on the individual rule level. Why would Logs > IDS show that number of activated rules to be 0?

“Activated” means something like “triggered” in this case, indicating an enabled IPS rule matched some traffic. If you have enabled very few or uncommon rules, or are running a very clean and quiet network, that value might indeed be 0.

> I have to say that the navigation of the GUI in this area is confusing. If someone could clarify I would appreciate it.

Could you please be more specific on this? What exactly is causing confusion?

Thanks, and best regards,
Peter Müller