What every one forgets is this is only applicable if the traffic is not encrypted. The majority if traffic now is encrypted. The block list is probably better. The traffic needs to be decrypted for this to be useful.

Waiting on your wireguard VPN guide as so far your guides have been the easiest to follow i have seen.

great channel, and great explanation skills on all these videos! thank you very much!

Great video Kevin! Keep it up man!

Love your videos! Keep up the good work!

Thank you for all these great tutorials. I want To request an additional tutorial video. On how to make a second and third IP Subnet able to access the Internet. I am continually getting stuck on this. I can only get one subnet through to the internet. The others I cannot get through. I can’t figure out the right NAT policy to connect them to the Internet.

Thank you! Excellent video and advice 👍🏻

Quite a few holes. You assume we have seen some other video. You assume we know how and have already installed IPS of some sort. Wouldn't it better to make no assumptions and just start from the beginning?

Seriously, I don't wanna be rude, but you are missing a couple steps in your tutorial... Without a policy, nothing's gonna be filtered.

Thank you so much sir! I have a question, I have created a two virtual machine hosts Virtual machine a and virtual machine b, and I have one opnsense firewall. Now I want to know how these two virtual machines will communicate to different domain names through firewall rule proxy server? Thank you!

hello, could you show us how to generate access report in OPNSENSE?

Thank sir, is usefull. We can also get free list with telemetry proofpoint plugins. I have a question, i can see the label description "let out anything from firewall host itself" in firewall live log, when i activate log on the lan interface (allow 53,80,443) in firewall live log, its a normal message? (we can ignore them?)

I am thinking of installing opnsense. Is suricata built into opnsense or I have to install it manually?

How do you know if the fw does drop the malicious packages or it just gives alert, or maybe nothing....?

AWESOME SAUCE MAN !!! this is good !!

no offence but this video does not show or explain anything that official opnsense docs are showing.... For example, you should explain what are the most common good rules that are worth enabling and should focus on... There are literally gazillion of them and not all should be enabled (performance wise). Good example would be rules for social networks. Someone can enable this rule without thinking just by watching your video and cause an issue to his/her colleague that might be using social networks for work - "advertising", then again DoS should be mentioned or perhaps port scanners, or how to create a custom rule to block "shodan"). One more important thing which you failed to mention and that is, all those rules will only "alert" as far as I am aware, so basically it will work as IDS and not IPS (please correct me if I am wrong).... You can change those definitions to drop to be more efficient in blocking problematic traffic depending on your requirements -> this should be covered instead...

Hi after following all the steps, getting netmap_transmit em0 drop mbuff that need chechsum of flood. Can't access web gui though internet is working. Any help, please.

Why you not explain the most important detail when you activate SURICATA IPS to LAN block access to GUI i cannot access GUI when suricata is activated. I cannot find any single clue to validate the configuration to work, even doing rule for the specific port

Crontab rules actually meant at 12:00pm, not every 12 hours. That means every 24 hours. Otherwise, nice video, thank you.

there is no "next time" in this playlist ;-(

In nowadays with almost any connections encrypted Is pointless randomly install suricata. Or you know exactly what you are looking for or is just a waste of resources. If you think you need it hire a professional or you will not find anything.