Topics

hardware: OPNsense A10 Quad Core SSD Desktop Gen2 SKU: DEC630

-update from 20.1.9 to 20.1.9-1: OK
-update to 20.7: stuck after reboot, USB console showed no output
removed power, put back after 10s, resumed and finished update without issue, router came back after a couple minutes.

 19.1.6 to 19.1.7 Update went OK for me, reboot was quick.

Edit: it rebooted twice? showed rebooting in UI, then dashboard 19.1.7, then rebooted again, second time took longer.

Details in here: https://www.reddit.com/r/BSD/comments/9v6xwg/remotely_triggerable_icmp_buffer_underwrite_in/

So first I tried setting up IDS with GeoIP block of Traffic to China and Russia, no blocking or alerts happened with Intrusion Detection and IDS enabled.

Made a Firewall LAN rule that blocks outgoing traffic to GeoIP of China and Russia.
That blocks, yay!

As for alerts:
I've setup a Monit Service Test with:

content = " 84,,, "

Which is the number of the rule used as found out by:

ping rutube.ru, resolves to: 185.165.123.77

cat /var/log/filter.log | grep 185.165.123.77
or
grep " 84,,," /var/log/filter.log

Oct  5 20:26:56 router filterlog:
84,,,0,igb0,match,block,in,4,0x0,,64,24176,0,DF,1,icmp,84,192.168.1.228,185.165.123.77,datalength=64

I've set up a Service like so:

Type: File
Path: /var/log/filter.log
Test: <name of Monit Service Test>

No alerts appear in my mailbox, I do see the message that Monit restarted.
Status page of Monit also shows no content matches
What am I missing?

Sources I looked at:

https://mmonit.com/monit/documentation/monit.html#FILE-CONTENT-TEST
https://forum.opnsense.org/index.php?topic=5303.0