Firewall and IDS / IPS question. Novice at networking. Have IDS / IPS enabled, notifications active at high level, medium at block level. I receive daily Intrusion Detection Alerts, typically with my son’s PC as target IP address. Over time, many have repeated source IP (external). I have established firewall rules to Reject incoming traffic from repeat offenders (and some across the related subnet, ex. 23.33.44.0/24, zone in = WAN). I continue to get Intrusion Detection Alerts for these addresses, even though there is a firewall rule to block them. Is this behavior expected, is my rule ineffective, or is it something else?
Post a screenshot of the rules
Could there be a rule allowing the traffic at a higher priority?
Great question. There are a few explicit allows above these rules (ex. allow ping, allow DHCPv6, allow DNS, etc.). I will move the explicit denies to the top and see how that goes.
THANK YOU for the reply.