Archive => 17.7 Legacy Series => Topic started by: mario on November 01, 2017, 06:14:58 pm

Title: 2 Problems: 1. Intrusion detection not working. 2. HUGE memory demand/disk IO
Post by: mario on November 01, 2017, 06:14:58 pm

I hope someone smart out there can help me out:

1.  I want to use GeoIP in the Intrusion Detection function, but IPS mode will not stay "checked" after I leave the page.  Also when I Create a New Rule to block a country, after pressing "Save Changes", nothing shows up as having been saved.  Interestingly, I can select a country by typing in its name, but if I scroll, only about 6 countries starting with "A" show up in the list.  It makes no difference though, my selection doesn't get saved.

Hardware offloading is disabled, as per the user manual.
I have gone so far as to reinstall OPNsense from scratch, reinstalled GeoIP, reinstalled GeoIP's data files, and no difference.

2. I don't know what the expected resource demand is from a firewall list, but OPNsense is using > 7 Gbytes of memory, and my SSD seems to be in continuous use.  CPU demand is only 1%.  In my firewall I have blocked about 1000 adware IPs and website names, and as a test blocked South America using GeoIP via Alias.  I wouldn't have expected such a demand on the system.  Response time from the GUI takes perhaps 30 seconds after a mouse click.

Boot up takes between 15-20 minutes at the Firewall initialization stage.  I wondered whether the demand of resolving the website DNS information to IPs is the cause, so I changed the Firewall Advanced settings to DNS update frequency of 10 hrs, and increased maximum firewall entries to 2 million, but these changes made no difference.

I reinstalled OPNsense from scratch, with all current updates - no better.

What is taking up so much memory, SSD demand, and creating such a slow boot?  Are these resource demands typical?  What can I do to improve things?

Title: Re: 2 Problems: 1. Intrusion detection not working. 2. HUGE memory demand/disk IO
Post by: mario on November 02, 2017, 05:26:32 pm
SOLVED - partially.

1. In case anyone else has similar problems: I discovered that the problem with setting IPS mode, and having "Save" buttons work, was with the browser.  Must be some JavaScript setting.  When I logged into the GUI with a different browser, the check boxes stayed checked, and "Save" worked.  Other checkboxes in OPNsense also would not stay checked till I changed the browser.

2. I also discovered that it is entering website names rather than IPs into the imported alias that is eating memory - megabytes per second, with my SSD showing continual usage.  Bug?