New OPNsense Feature

Inline Intrusion Prevention OPNsense Development
data-ips

Getting Ready for 16.1…

As we are all getting ready for the next major release of OPNsense with lots of new features and enhancements I’d like to give you a heads-up on the inline Intrusion Prevention System.

“Future” Developments

Although on the roadmap for “Future” development and listed as Layer7/DPI plugin the team has managed to include this important feature into the current development version.

Netmap enabled

Ad and Franco have been working with Suricata to get the latest Netmap enabled version (2.1) ready for use in OPNsense.

Inline makes the P in prevention

The inline mode of IPS makes it a real prevention mechanism. Instead of just blocking an IP/Port the package will be inspected and  when certain traffic is detected  the packet/connection is dropped instantly, before it reaches the sender.

Deep Packet Inspection

Our Suricata based IPS solution is a deep packet inspection solution that looks at each package before it is allowed through the firewall. With this you can also block certain traffic types and allow others coming from the same IP.

Example Alert or Block games such as Warcraft:

IPS-Rules

Easy Setup

Enabling IPS will be very simple:

Enable_IPS

The Emerging Threats Community rules are fully integrated into the IDPS system and can be enabled per category. Sane defaults will be applied, but changing this default behavior  is just a matter of clicking on a rule, update and save.

IPS_Change_Rule

Try It Today

If you want to give the development version a try, then take a look at Ad’s forum post.

Standard in 16.1

As of version 16.1 inline intrusion prevention will be included by default.

Performance

For those looking for performance statistics Ad has tested it with one of Deciso’s midrange appliances (OPN20077R) resulting in really amazing performance of up to 500Mbps using a standard MTU size of 1500 bytes.

The future starts TODAY !

OPNsense is rapidly becoming the open source firewall of choice and on its way to “become the most widely used open source firewall solution”.

Join us today and get ready for 16.1!


 

Jos Schellevis

OPNsense Core Team Member