  1. #1

    IPS - Disabled rules still blocking

    Hi, I'm having issues with IPS rules. After some reading, I'm pretty sure I understand how things are supposed to work.
    I was seeing a lot of unnecessary blocking from Classtype=Protocol-command-decode.
    So I disabled that classtype altogether. However, I am still seeing it showing in my blocked events.
    I have tried more specific rules as well, such as blocking that classtype with specific messages and still no luck.
    Please let me know if there is somewhere that I can find more information on this if I am doing something incorrectly.
    Thanks.

    Attachments: rules.JPG, blockedevents.JPG

  2. #2

    This seems pretty similar to what others were complaining of a couple years back. No solutions suggested for their issue either.
    forums.untangle.com/intrusion-prevention/41602-message-rule-not-applied-properly.html

  3. #3
    sky-knight

    First rule match wins...

    Putting the pass below the block... never works. Move that rule up in the list.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4

    Thanks for the tip, I didn't realize that the list was also the processing order. That makes sense.
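
The first-match behaviour described in this thread, as an added example that is not part of the original posts and is not Untangle's code: a small Python model that evaluates an ordered rule list and flags rules that can never fire because an earlier rule already matches everything they match. The rule fields, the action names `block` and `disable`, and the sample rules and signatures are assumptions constructed for illustration.

```python
# Illustrative model only: field and action names are assumptions,
# not Untangle's rule schema.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str             # "block" or "disable" (hypothetical names)
    classtype: str          # classtype the rule applies to
    msg_contains: str = ""  # substring of the signature msg; "" matches any

    def matches(self, sig):
        return (sig["classtype"] == self.classtype
                and self.msg_contains.lower() in sig["msg"].lower())

def evaluate(rules, sig):
    """First match wins: return (action, rule name); later rules are never consulted."""
    for rule in rules:
        if rule.matches(sig):
            return rule.action, rule.name
    return "default", None

def shadowed(rules):
    """Return (later, earlier) pairs where `earlier` matches everything `later` does."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.classtype == later.classtype
                    and earlier.msg_contains.lower() in later.msg_contains.lower()):
                pairs.append((later.name, earlier.name))
                break
    return pairs

# Constructed sample rules and signatures.
BLOCK = Rule("block-decode", "block", "protocol-command-decode")
DISABLE = Rule("disable-decode-smb", "disable", "protocol-command-decode", "SMB")
AS_LISTED = [BLOCK, DISABLE]   # exception below the block: never reached
REORDERED = [DISABLE, BLOCK]   # exception moved up: evaluated first
SIG_SMB = {"classtype": "protocol-command-decode", "msg": "constructed SMB sample"}
SIG_OTHER = {"classtype": "protocol-command-decode", "msg": "constructed DNS sample"}

if __name__ == "__main__":
    for label, rules in (("as listed", AS_LISTED), ("reordered", REORDERED)):
        print(label, evaluate(rules, SIG_SMB), "shadowed:", shadowed(rules))
```

With the exception listed first, the narrower rule decides the signatures it names and the broader block rule still catches everything else of that classtype.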
