OPNsense Forum
English Forums => General Discussion => Topic started by: dcol on October 17, 2016, 07:18:01 pm
-
What's up with the PFsense community when it comes to Suricata? Whenever I ask questions as to why it is taking so long to implement Inline Suricata, the post or thread gets deleted. I get the impression there is some bad blood between PFsense and OPNsense. As soon as OPNsense was mentioned, the threads were shut down. Luckily I was able to catch a post before one thread was shut down that suggested I look at OPNsense if I needed Inline Suricata. I did just that in testing and will start using it in production soon. Seems PFsense has one guy working on Inline Suricata in PFsense that just disappears for months on end because he says 'I have paid projects that take priority'. I can understand that, but do not understand in keeping everyone hanging with little to no progress reports for months on end. Nor do I understand such little support on an important feature. OPNsense seems like a much more 'community friendly' forum to me. I will be eventually replacing PFsense in all my installations because I see PFsense as a dying project at this point. It has run it's course and is losing people like me.
-
And now you know why it was forked :-)
-
Be aware that your forum account over there might be blocked indefinitely for posting stuff like that over here (or even less...) ;-)
-
Hi and welcome,
This is a peculiar case. It would be funny if it wasn't worrisome on a project scale.
I didn't catch the original discussions, only read up after multiple threads were deleted/merged. I pulled the original topics from Google Cache and I found a discussion where it was pointed out that we are working very actively on Suricata and IPS since about 11 months. Lately there is Hyperscan, too. All of these patches go to FreeBSD and are thus freely available for pfSense.
At the moment 3.1.2 and Hyperscan are still pending in the FreeBSD bug tracker, but they work and we ship them for that reason. Arguing that not trusting Intel and the OSIF on their on generally available releases would be a bit out of the way. The software works exceptionally well.
An issue is in FreeBSD 10.3 (and also 11.0) at the moment that prevents some chipsets from working correctly for em(4) on netmap(4) (IPS tech for Suricata). With the help of Intel we now also provide the stock em(4) driver, work which was also given to FreeBSD.
Now, for the stark turn...
My comments on Twitter on the original pfSense postings have made Jim Thompson assume that I was the one starting all the trolling. He hollowed out the thread he didn't delete, removed all positive mentions of OPNsense and our work that even benefits pfSense and has us labeled as "Franco and his band of idiots" in an attempt to save his face from a simple fact:
It takes work to be put into Suricata in order to update and advance. We're doing it, they don't. That simple. But nobody can admit that over there, because that would make us look attractive. You see, We are the bad guys, the shady, the ugly, the stealers, but in fact if you take a look at individual topics and timelines, you may see that we have done a lot of work that went into pfSense, too, maybe even earlier.
But truth be told, this has always been daily reality for our project that we have to keep up with lopsided attacks. ;)
Cheers,
Franco
-
And you know, now this thread is under target by the same people, assuming that we're still making up the making up of making this up. It's bonkers. :D
https://twitter.com/martinboller/status/788113099538698240
https://twitter.com/htilonom/status/788116660708343808
I honestly cannot believe how anybody would go through such lengths to prove something that really cannot be true.
Smile for the camera guys!
Cheers,
Franco
-
...in times where whole nations become psychotic this should not really come as a surprise, but it's still shocking to me...
-
Hilarious, I have been finally bumped on PFS forums for talking up OPNsense. Not a big deal since I have multiple accounts over there. They are really threatened and rightly so. OPNsense is keeping up and they are falling short and slowly moving away from 'open'. I suspect 2018 is going to be a bailing year for them.
-
Hilarious, I have been finally bumped on PFS forums for talking up OPNsense. Not a big deal since I have multiple accounts over there. They are really threatened and rightly so. OPNsense is keeping up and they are falling short and slowly moving away from 'open'. I suspect 2018 is going to be a bailing year for them.
After I read your post, I got to thinking that I had probably mentioned OPNsense in one of my last posts over there. I don't remember the exact context, just that I was looking at both. So I figured I'd try logging in and got this:
Sorry (username), you are banned from using this forum!
This ban is not set to expire.
They must be terribly insecure over there. And also not too bright if they think no one they have banned can get back in just by creating a new account. I've seen a lot of people mention them in here and no one gets upset about it, not that I've noticed anyway, but I guess they must be hoping that if they ban all mentions of OPNsense, no one will ever find out about it.
-
Yes, they lock the IP, so all you have to do is use a redirecting proxy browser like tor. Man if they are that threatened, OPNsense must be pretty good. By the way, I haven't posted over there about OPNsense in months, they banned me for posting on this site.
-
They haven't banned me yet... Maybe its because they would miss the village idiot.
Suricata in pfsense works for me in VM. So does Opnsense. It is fairly easy to shoot yourself in the foot with either distro for sure. I think most of the problems people have with Suricata are self-inflicted in a VM. On hardware, netmap compatibility is picky.
-
Its amazing how much more relaxed and helpful the environment is on this forum. They need to get off their high horse and start dealing with peoples concerns instead of making posters feel like village idiots.
-
... I got banned there years ago, don't remember why, maybe it was the thing that you get an IP on EACH interface with your MAC, if you are allowed by DHCP on ONE interface...
Not a big deal, after all ;-)
Is JeGr already banned there? He is/was a mod on the German forums...