Security features

What security features does OpenWrt offer? My question is related to incoming connections from outside. I read about snort3, but it looks like too much for what I need/want, I suppose.

I was looking for something that detects that a host is making suspicious requests into my network or is simply scanning for multiple ports on my network, etc. Is that what you call an IDS? By default, are there logs of all the incoming connections that I can look into?

Where can I read more about it?

Thank you

By default it blocks all incoming unsolicited traffic from the internet to the LAN. It permits a minimal set of unsolicited packets from the internet to the WAN interface. There is snort available in the packages if you want an IPS/IDS.
More to read in the wiki.

If you're interested in IDS/IPS (which do detailed inspection of packets going out to (and back from) the internet), this requires a very powerful router to do at any reasonable speed (i.e. x86 class; this will be extremely slow on any consumer grade/all-in-one device).

Most users do not need this type of packet inspection.

I may not have expressed myself correctly. I'm running several apps on some hosts that I expose to the outside: Nextcloud, Home Assistant, a wiki, and others. They run on two hosts inside the LAN. An nginx proxy on one of the hosts (now, but I'll move it to the router) forwards the incoming connections to each host based on the subdomain.

I would like to know if some malicious agent is trying to brute-force a connection on one of these hosts or trying to exploit some bug in nginx, etc.

I found CrowdSec on another post and I think it is enough. Do you know it?
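
The kind of check asked about in the post above can be sketched by watching the reverse proxy's access log for bursts of failed requests from one client. This is an added example, not part of the thread and not CrowdSec's code. It assumes nginx's "combined" log format, that failed logins appear as 401/403 responses, and that lines arrive in time order; `find_bruteforce`, the thresholds and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# nginx "combined" format: ip - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)
FAIL_STATUSES = {"401", "403"}  # assumption: the apps answer bad logins with these


def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: peak failure count} for clients that produced at least
    `threshold` failed requests inside any sliding `window`."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] not in FAIL_STATUSES:
            continue  # unparsable line or a normal response
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that aged out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged


# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE = [
    # six failed logins in 50 seconds from one client: should be flagged
    f'203.0.113.7 - - [12/Mar/2024:10:00:{s:02d} +0000] "POST /login HTTP/1.1" 401 162 "-" "curl/8.0"'
    for s in range(0, 60, 10)
] + [
    # a user who mistyped a password once, then logged in
    '198.51.100.20 - - [12/Mar/2024:10:00:05 +0000] "POST /login HTTP/1.1" 401 162 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Mar/2024:10:00:09 +0000] "POST /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
] + [
    # five denials spread over 40 minutes: below the rate threshold
    f'192.0.2.44 - - [12/Mar/2024:10:{m:02d}:00 +0000] "GET /admin HTTP/1.1" 403 153 "-" "-"'
    for m in range(0, 50, 10)
]

if __name__ == "__main__":
    for ip, peak in find_bruteforce(SAMPLE).items():
        print(f"{ip}: {peak} failed requests within 60s")
```

Only the rate matters here, so the slow client and the single mistyped password are not reported; tune `threshold` and `window` to the login behaviour of the apps behind the proxy.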