> > > Hello! > > > Maltrail doesn't block connections itself, it is just IDS. It can be set up to work together with block mechanism (https://github.com/stamparm/maltrail/wiki/Miscellaneous#1-setting-up-maltrail-as-an-intrusion-prevention-system-ips), but I...
> Exactly, opnsense fetches the fail2ban url at a regular interval and builds a dynamic alias

How do you exclude (allowlist) explicit IPs or domains because I have placed the IP...
> Due to CHANGELOG: MT from 0.65 version (https://github.com/stamparm/maltrail/blob/master/CHANGELOG#L43) has possibility to build custom blacklists (#19230): > > . Looks like this mechanism allows to build bypass rule for defined...
> > Is the plugin maintained by OPNsense then or is that part of the Maltrail project? > > Plugin is maintained by OPNsense. Thanks
> > > > Is the plugin maintained by OPNsense then or is that part of the Maltrail project? > > > > > > > > > Plugin is...
@MikhailKasimov on a side note, has there been a change in the way the `known_attacker` is handled? This may be another OPNsense related issue, but since I have gone to...
This is just an update to this issue. After applying the OPNsense 24.7.3 update today, the Maltrail traffic patterns that were expected returned. So not sure if part of the...
@MikhailKasimov the client is running.   
> looks like sensor is dead (not web server). you should restart it somehow

It is showing as having been restarted, but I will restart the OPNsense FW to see...
@MikhailKasimov do you want "all" or the last/most recent set covering the last week or two?