23.7 Legacy Series / Re: os-frr + bgp + route map
« on: October 19, 2023, 08:48:48 pm »
We're having the same issue after upgrading. Must be a bug?
[VAKV3-NMY7B][EC 100663337] error processing configuration change: error [internal inconsistency] event [apply] operation [modify] xpath [/frr-route-map:lib/route-map[name='Redistribution']/entry[sequence='10']/match-condition[condition='ipv4-prefix-list']/rmap-match-condition/list-name]
20.7 Legacy Series / Change in FRR and Firewall Rules?
« on: May 19, 2021, 05:27:19 pm »
We just performed an upgrade from 20.7.3 to 21.1.5. We're using FRR w/ OSPF. After the upgrade our OSPF relationships didn't come back up. We found that the packets were being blocked by the default Deny rule on the interface we have OSPF enabled.
We can add rules to allow the OSPF traffic, however, we didn't need to specifically allow the OSPF traffic before the upgrade. Did something change and now either the OSPF rules are not automatically generated? Or perhaps somehow OSPF traffic was not subject to the firewall rules in past OPNsense versions?
Thanks
Sean
Intrusion Detection and Prevention / emerging-inappropriate.rules empty
« on: May 12, 2021, 11:38:58 pm »
Is there a bug in the download of the "ET telemetry/emerging-inappropriate" ruleset? IPS is working fine for us, except for this ruleset won't download - or it is downloading an empty file:
Code:
root@FW01:/usr/local/etc/suricata/rules # cat ./emerging-inappropriate.rules
#@opnsense_download_hash:ca29d292746f11f4023a7c2b41297518
root@FW01:/usr/local/etc/suricata/rules # ls -l ./emerging-inappropriate.rules
-rw-r----- 1 root wheel 58 May 12 21:27 ./emerging-inappropriate.rules
If this ruleset is no longer included as part of ET telemetry, perhaps it can be added to ET Open? It looks like ProofPoint is still maintaining this ruleset:
https://rules.emergingthreats.net/open/suricata/rules/emerging-inappropriate.rules
Thanks
20.7 Legacy Series / Missing ICMP Type and Code in filterlog messages
« on: January 18, 2021, 09:03:27 pm »
In past logs (firewall log in GUI and syslog messages), ICMP related log entries include the ICMP Type and Code name. For example, Echo, Echo-Reply, Unreachable, etc. That information is now missing from the log messages, possibly since 18.1 - not sure exactly when this information disappeared. Here is an example syslog message.
Code:
firewall.localdomain.com filterlog[72261]: 66,,,0,vtnet1,match,pass,in,4,0x0,,31,0,0,none,1,icmp,84,54.72.63.208,10.1.1.183,datalength=64
Any way to add that information back to the log message?
20.7 Legacy Series / Netflow sqlite file 33GB and full disk
« on: December 16, 2020, 04:08:31 am »
Having an issue where /var/netflow/src_addr_details_086400.sqlite has grown to 33GB. Then flowd_aggregate.py runs and fills up the whole disk then crashes. Any idea why that file has grown to 33GB? How is that sqlite database related to Insight and flowd_aggregate.py?
Thanks for any help/insight you can give! OPNsense 20.7.4
Here are some additional details:
Code:
# ls -lh /var/netflow
total 36154824
-rw-r----- 1 root wheel 12M Dec 16 01:47 dst_port_000300.sqlite
-rw-r----- 1 root wheel 14M Dec 16 01:47 dst_port_003600.sqlite
-rw-r----- 1 root wheel 270M Dec 16 01:47 dst_port_086400.sqlite
-rw-r----- 1 root wheel 2.5M Dec 16 01:47 interface_000030.sqlite
-rw-r----- 1 root wheel 1.2M Dec 16 01:47 interface_000300.sqlite
-rw-r----- 1 root wheel 456K Dec 16 01:47 interface_003600.sqlite
-rw-r----- 1 root wheel 60K Dec 16 01:47 interface_086400.sqlite
-rw-r----- 1 root wheel 12K Dec 16 01:47 metadata.sqlite
-rw-r----- 1 root wheel 303M Dec 16 01:47 src_addr_000300.sqlite
-rw-r----- 1 root wheel 122M Dec 16 01:47 src_addr_003600.sqlite
-rw-r----- 1 root wheel 568M Dec 16 01:47 src_addr_086400.sqlite
-rw-r----- 1 root wheel 33G Dec 16 02:37 src_addr_details_086400.sqlite
Code:
# ls -lh /var/log/flowd.log*
-rw------- 1 root wheel 67M Dec 16 02:27 /var/log/flowd.log
-rw------- 1 root wheel 5.6G Dec 16 01:20 /var/log/flowd.log.000001
-rw------- 1 root wheel 12M Dec 15 14:11 /var/log/flowd.log.000002
-rw------- 1 root wheel 21M Dec 15 14:09 /var/log/flowd.log.000003
-rw------- 1 root wheel 13M Dec 15 14:06 /var/log/flowd.log.000004
-rw------- 1 root wheel 15M Dec 15 14:05 /var/log/flowd.log.000005
-rw------- 1 root wheel 13M Dec 15 14:02 /var/log/flowd.log.000006
-rw------- 1 root wheel 14M Dec 15 13:59 /var/log/flowd.log.000007
-rw------- 1 root wheel 18M Dec 15 13:56 /var/log/flowd.log.000008
-rw------- 1 root wheel 11M Dec 15 13:52 /var/log/flowd.log.000009
-rw------- 1 root wheel 14M Dec 15 13:50 /var/log/flowd.log.000010
Code:
2020-12-16T02:37:26 /flowd_aggregate.py[81444] flowd aggregate died with message Traceback (most recent call last): File "/usr/local/opnsense/scripts/netflow/flowd_aggregate.py", line 160, in run aggregate_flowd(self.config, do_vacuum) File "/usr/local/opnsense/scripts/netflow/flowd_aggregate.py", line 86, in aggregate_flowd stream_agg_object.cleanup(do_vacuum) File "/usr/local/opnsense/scripts/netflow/lib/aggregates/__init__.py", line 213, in cleanup self._update_cur.execute('vacuum') sqlite3.OperationalError: database or disk is full
...
...
2020-12-16T02:27:34 kernel pid 49300 (suricata), uid 0 inumber 13643558 on /mnt: filesystem full
2020-12-16T02:27:25 kernel pid 49300 (suricata), uid 0 inumber 13643558 on /mnt: filesystem full
2020-12-16T02:27:22 kernel pid 81444 (python3.7), uid 0 inumber 13563330 on /mnt: filesystem full
2020-12-16T02:22:00 kernel pid 66066 (dd), uid 2 inumber 13563481 on /mnt: filesystem full
2020-12-16T01:46:56 /flowd_aggregate.py[81444] vacuum src_addr_details_086400.sqlite
General Discussion / Determine Latest OPNsense version?
« on: May 09, 2020, 01:11:27 am »
Is there a way outside of the OPNsense admin interface to check if a new update is available? We would like to write a script that can dynamically determine if there has been a new patch released for the latest version of OPNsense.
We're just looking for how we can check for a new update, we can handle the scripting part after that!
Thanks all!
Sean