Inline Intrusion Prevention OPNsense Development
Getting Ready for 16.1…
As we are all getting ready for the next major release of OPNsense with lots of new features and enhancements I’d like to give you a heads-up on the inline Intrusion Prevention System.
Although on the roadmap for “Future” development and listed as Layer7/DPI plugin the team has managed to include this important feature into the current development version.
Ad and Franco have been working with Suricata to get the latest Netmap enabled version (2.1) ready for use in OPNsense.
Inline makes the P in prevention
The inline mode of IPS makes it a real prevention mechanism. Instead of just blocking an IP/Port the package will be inspected and when certain traffic is detected the packet/connection is dropped instantly, before it reaches the sender.
Deep Packet Inspection
Our Suricata based IPS solution is a deep packet inspection solution that looks at each package before it is allowed through the firewall. With this you can also block certain traffic types and allow others coming from the same IP.
Example Alert or Block games such as Warcraft:
Enabling IPS will be very simple:
The Emerging Threats Community rules are fully integrated into the IDPS system and can be enabled per category. Sane defaults will be applied, but changing this default behavior is just a matter of clicking on a rule, update and save.
Try It Today
If you want to give the development version a try, then take a look at Ad’s forum post.
Standard in 16.1
As of version 16.1 inline intrusion prevention will be included by default.
For those looking for performance statistics Ad has tested it with one of Deciso’s midrange appliances (OPN20077R) resulting in really amazing performance of up to 500Mbps using a standard MTU size of 1500 bytes.
The future starts TODAY !
OPNsense is rapidly becoming the open source firewall of choice and on its way to “become the most widely used open source firewall solution”.
Join us today and get ready for 16.1!
OPNsense Core Team Member