Update ips-bypass.rst - removed images

pull/485/head
Monviech 9 months ago committed by GitHub
parent 02d1b20437
commit f2d55d39f8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -4,8 +4,8 @@ IPS - Bypass local traffic from inspection
This tutorial explains how to bypass traffic between local attached networks. Following this tutorial will result in traffic only being inspected between external (WAN) networks and internal (LAN) networks.
* Benefit: There will be faster routing performance between local attached networks when Intrusion Detection is enabled in IPS mode.
* Potential Risk: **Internal traffic** between local attached networks **WON'T be inspected anymore**, so use this with care!
* **Benefit**: There will be faster routing performance between local networks when Intrusion Detection is enabled in IPS mode.
* **Potential Risk: Internal traffic WON'T be inspected anymore, so use this with care!**
-------------
Prerequisites
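Review bot: In the fully bold **Potential Risk** bullet, the scope "between local attached networks" has been dropped, so it now reads as if all internal traffic loses inspection, while the introduction still says traffic between external (WAN) and internal (LAN) networks is inspected. Suggest keeping the qualifier, for example "Internal traffic between local networks WON'T be inspected anymore", which also matches the wording of the reworded Benefit bullet. Bolding the entire bullet also loses the emphasis the other variant placed on just the key phrases.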
@ -23,25 +23,34 @@ User defined
Select the tab **User defined**.
|ids_tabs_user|
-----------------
Create new Rules
-----------------
Select |add| to add a new rule.
Select **+** to add a new rule.
* Input the **Source IP** as IP with CIDR-Suffix or Prefix, e.g. ``10.0.0.0/8`` or ``2003:a:a:a::/56``
* Input the **Destination IP** as IP with CIDR-Suffix or Prefix, e.g. ``10.0.0.0/8`` or ``2003:a:a:a::/56``
* Select the **Action** as *Pass*
* Enable the **Bypass** checkbox
* Set the **Description** as "Bypass net 10.0.0.0 to 10.0.0.0"
|ips_bypass_1|
Select **+** to create additional new rules
* Repeat the above step to create rules between each of the RFC1918 Private IPv4 subnets. (``192.168.0.0/16``, ``172.16.0.0/12``, ``10.0.0.0/8``). This will result in 9 rules.
* Repeat the above steps to create rules between each of the RFC1918 Private IPv4 subnets. (``192.168.0.0/16``, ``172.16.0.0/12``, ``10.0.0.0/8``). This will result in 9 rules.
* If you use IPv6, create additional rules between your IPv6 Prefixes. You can find them in :menuselection:`Interfaces --> Overview` at IPv6 prefix of the selected WAN interface. (e.g ``2003:a:a:a::/56``)
|ips_bypass_2|
The finished IPv4 ruleset should include the following rules:
* ``Bypass net 10.0.0.0 to 10.0.0.0``
* ``Bypass net 10.0.0.0 to 172.16.0.0``
* ``Bypass net 10.0.0.0 to 192.168.0.0``
* ``Bypass net 172.16.0.0 to 10.0.0.0``
* ``Bypass net 172.16.0.0 to 172.16.0.0``
* ``Bypass net 172.16.0.0 to 192.168.0.0``
* ``Bypass net 192.168.0.0 to 10.0.0.0``
* ``Bypass net 192.168.0.0 to 172.16.0.0``
* ``Bypass net 192.168.0.0 to 192.168.0.0``
-------------------
Apply configuration
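Review bot: The rule steps use the full RFC1918 ranges (``10.0.0.0/8``, ``172.16.0.0/12``, ``192.168.0.0/16``) as both source and destination, which is wider than the "local attached networks" the introduction describes: any private-to-private flow matching these ranges is bypassed, whether or not both ends are attached to this firewall. Suggest adding a sentence after the finished ruleset list telling readers to narrow the rules to the subnets they actually use if inspection should stay active for other private ranges. The list also covers IPv4 only, so a matching example for the IPv6 prefix rules would help. Minor: "Select **+** to create additional new rules" has no closing punctuation, and "(e.g ``2003:a:a:a::/56``)" is missing the period after "e.g".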
@ -49,12 +58,3 @@ Apply configuration
First apply the configuration by pressing the **Apply** button at the bottom of
the form.
..
.. |ids_menu| image:: images/ids_menu.png
.. |ids_tabs_user| image:: images/ids_tabs_user.png
.. |add| image:: images/ids_tabs_user_add.png
.. |ips_bypass_1| image:: images/ips_bypass_rule_1.png
.. |ips_bypass_2| image:: images/ips_bypass_rule_2.png
.. |apply| image:: images/applybtn.png
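Review bot: The substitution definitions for ``|ids_menu|`` and ``|apply|`` are listed here, but neither name is referenced in any line shown in this diff, so the visible hunks cannot confirm that their uses elsewhere in ips-bypass.rst were removed as well. Please check the rest of the file before merging, since docutils reports a reference to an undefined substitution as an error. If the six PNG files under ``images/`` are no longer used by any other page, deleting them in the same change would keep the repository consistent with the commit message.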
