Since we are on the topic of intrusion detection, I want to also ask something that’s been bothering me for some time:
When I come to the intrusion detection tab of the firewall, it may show some 50-100 addresses that have been blocked. But when I add another whitelist and save, the list suddenly shrinks to only a handful. Why? Does it mean that all of the banned addresses are now allowed? Is there a way to persist the ban list and only keep adding to it? My timeout is set to 3 years, so none of them should be dropped from the list.