Topics - Fright

#1
Hello
I'm wildly sorry but I can't find an API to capture system log entries,
like api/diagnostics/firewall/log/ for the pf logs.
Does it exist at all?
--
The "system log" widget is not dynamically updated; looking for a way to fix it.


Thanks!

found it, sorry
#2
Hello all!
Sometimes there are topics about unexpected firewall behavior caused by the use of a reply-to directive.
I am wondering whether it would be possible to display the value of this directive directly in the firewall rule tables?
This might be helpful; is it worth an FR?
Attached are screenshots of the test VM with possible table views.
#3
Web Proxy Filtering and Caching / Update naxsi core rules
November 05, 2020, 06:30:40 PM
Hi!
Sometimes the naxsi core rules are updated (the most recent version is Oct 26, 2020).
How do I update the core rules correctly?
I think that I can't just run (I don't see any config check for the same rule id or similar in the .php)
/usr/local/opnsense/scripts/nginx/naxsi_rule_download.php
Do I need to delete all core rules and policies from the config first (it looks like it's easier to change the rules manually)?
#4
20.7 Legacy Series / Firewall Live View: OR operator
September 12, 2020, 10:23:43 AM
Hi!
I'm wondering if I'm the only one who would like to add the ability to use the OR operator (globally) in the firewall protocol live view filter? I tried it; it seems to work.
Thanks!
#5
20.7 Legacy Series / [SOLVED] Alias exclusions
September 01, 2020, 12:01:21 PM
Hi!
Suppose I want to use a FireHOL list with exceptions (I need some subnets due to a creepy network configuration). Is there an OOB solution for this or do I need to make crutches? I haven't found anything and it doesn't seem like there is one.
Thanks!
#6
Hi!
Trying to add and enable the PT Research ruleset.
- Plugin (IDS PT Research ruleset) installs OK
- Try to enable it in IDS and press "Download & Update Rules"
Result:
"Error reconfiguring IDS
Error(1)"
With no messages in the suricata log.
With no errors in the general\backend logs.
In the general log:
/rule-updater.py[16117]   download completed for https://github.com/ptresearch/AttackDetection/raw/master/pt.rules.tar.gz
In the backend log:
configd.py[46270]   [c0717ac5-5c24-4734-91c5-65e3e6105448] returned exit status 1
configd.py[46270]   [c0717ac5-5c24-4734-91c5-65e3e6105448] update and reload intrusion detection rules

After that
the Non-Free/PT Research ruleset is "Enabled" in the ruleset tab BUT in the Rules tab not a single rule is displayed (nothing at all),
and the Chrome dev console throws the error "Cannot read property 'length' of undefined" in the renderRows(rows) function in jquery.bootgrid.js (rows is undefined).

What am I doing wrong?
Can someone reproduce the problem?
Thanks!
#7
20.7 Legacy Series / netdata opt-out
August 26, 2020, 10:44:44 AM
Hi.
"Starting with v1.12, Netdata collects anonymous usage information by default and sends it to Google Analytics"
The GUI does not contain an option to opt out of sending anonymous statistics.
So is netdata installed with the "--disable-telemetry" option or should I disable it by hand?
Thanks!
#8
Hi.
Upgraded to 20.7.1.
location.conf was overwritten by the upgrade process and SSL handshakes with backends don't work anymore.
Please, let's figure out how the parameters
proxy_ssl_server_name
proxy_ssl_name
work.
(https://forum.opnsense.org/index.php?topic=17637.0)
I believe that these parameters SHOULD work together:
https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_server_name
https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_name
If proxy_ssl_name is not defined then the URL of proxy_pass is used, not the URL from the user request.
Now the location.conf SNI part looks like:
{%     if location.proxy_ssl_server_name is defined and location.proxy_ssl_server_name == '1' %}
    proxy_ssl_server_name on;
{%     else %}
    proxy_ssl_server_name off;
{%         if upstream.tls_name_override is defined and upstream.tls_name_override != '' %}
    proxy_ssl_name {{ upstream.tls_name_override }};
{%         endif %}
{%     endif%}

So I believe that the location.conf part should look like this:

{%     if location.proxy_ssl_server_name is defined and location.proxy_ssl_server_name == '1' %}
    proxy_ssl_server_name on;
{%     else %}
    proxy_ssl_server_name off;
{%    endif %}
{%         if upstream.tls_name_override is defined and upstream.tls_name_override != '' %}
    proxy_ssl_name {{ upstream.tls_name_override }};
{%     endif%}

#9
Hi.
The first connection after starting the service shows the correct time.
Every next connection shows the wrong time.
Time runs out by about 30 minutes every 2 hours.
This is not a PHP parsing error or something. If I connect to the management socket it shows the same wrong time.
Example:
openvpn log:
2020-08-06T09:04:59   openvpn: user '*****' authenticated using 'DC1'
connection status:
connected since: 2020-08-06 13:11:33
#10
20.1 Legacy Series / naxsi. whitelist
June 13, 2020, 04:19:38 PM
Hi!
I need to whitelist some of the internal naxsi rules (BasicRule wl:11;) for a location. How can I do that in the GUI?
Thanks!
#11
20.1 Legacy Series / nginx SNI proxy_ssl_name
June 11, 2020, 04:36:56 PM
Hi!
I have an SNI backend.
Since OPNsense sets the proxy_pass parameter to the upstream (https://<upstreamuuid>), a simple
"proxy_ssl_server_name on" doesn't work:
a capture shows that the server_name extension is set to "upstream<uuid>".

So to use the SNI extension I need to use proxy_ssl_name in the location:
proxy_ssl_name <my backend hostname>;
proxy_set_header Host <my backend hostname>;

But there is no such parameter in the location GUI config.
Where in the GUI can I set these parameters?
Thanks!

upd: I added the hostname in "TLS: Servername override" in the Upstream section but it doesn't help (and again: it's a location parameter, not upstream), and it's not adding proxy_ssl_name to the conf.

upd2: if I set "proxy_ssl_server_name on" it removes "proxy_ssl_name <my backend hostname>";
but I think it's not right. The nginx documentation says that "proxy_ssl_server_name on" reads the hostname from the proxy_pass parameter by default, not from the user request, and if an upstream is used we need to use the proxy_ssl_name param to pass the SNI hostname.
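What the SNI problem from posts #8 and #11 looks like in a rendered nginx config, as an added example that is not from the posts or the OPNsense nginx plugin (the upstream name, hostnames, addresses and certificate paths are placeholders; `proxy_ssl_verify` is an extra hardening step not mentioned in the posts):

```nginx
# Added example, not OPNsense plugin output. "upstream_abc123" stands in for
# the UUID-named upstream block OPNsense generates; backend.example.com and
# 203.0.113.10 are placeholders.
upstream upstream_abc123 {
    server 203.0.113.10:443;
}

server {
    listen 443 ssl;
    server_name www.example.com;
    ssl_certificate     /path/to/fullchain.pem;   # placeholder
    ssl_certificate_key /path/to/privkey.pem;     # placeholder

    # Broken: with proxy_ssl_name unset, the SNI value is the host part of
    # the proxy_pass URL, i.e. the upstream block name. The backend receives
    # "upstream_abc123" in the ClientHello (what the packet capture in #11
    # showed) and an SNI-only backend rejects the handshake.
    location /broken/ {
        proxy_pass https://upstream_abc123;
        proxy_ssl_server_name on;
    }

    # Fixed: proxy_ssl_server_name still has to be on to send SNI at all,
    # and proxy_ssl_name supplies the real hostname independently of the
    # proxy_pass host, which is why the two directives belong together.
    # proxy_ssl_verify makes nginx check the backend certificate against
    # that same name, so a mismatched backend is refused instead of proxied.
    location / {
        proxy_pass https://upstream_abc123;
        proxy_ssl_server_name on;
        proxy_ssl_name backend.example.com;
        proxy_ssl_verify on;
        proxy_ssl_trusted_certificate /etc/ssl/cert.pem;   # placeholder CA bundle
        proxy_set_header Host backend.example.com;
    }
}
```

Inspecting the ClientHello sent to the backend, as the capture in #11 did, is the quickest way to confirm which server_name value a given template renders to.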