OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: senser on December 06, 2017, 08:01:57 pm

Title: Can opnsense do this?
Post by: senser on December 06, 2017, 08:01:57 pm
Greetings everyone,

I am using the following functionality with my current firewall but i am looking for something new and i was wondering, can opnsense do this too?

Asn ip blocking (alias from whois)
Dns black holes (using common host files)
Geo-ip blocking (alias from geo-ip)
All logging can be disabled

Also, is opnsense using a rolling release model? Or will it be rolling once all big feature changes are complete? How long are old versions supported if its not rolling?

Thank you so much
J
Title: Re: Can opnsense do this?
Post by: Stefan on December 07, 2017, 02:03:00 am
BGP routing by chance?
Title: Re: Can opnsense do this?
Post by: Gargamel on December 07, 2017, 08:20:30 am
Greetings everyone,

I am using the following functionality with my current firewall but i am looking for something new and i was wondering, can opnsense do this too?

Asn ip blocking (alias from whois)
Dns black holes (using common host files)
Geo-ip blocking (alias from geo-ip)
All logging can be disabled

Also, is opnsense using a rolling release model? Or will it be rolling once all big feature changes are complete? How long are old versions supported if its not rolling?

Thank you so much
J

For GeoIP blocking see this post:
https://forum.opnsense.org/index.php?topic=5851.msg24639#msg24639
Title: Re: Can opnsense do this?
Post by: Ciprian on December 07, 2017, 10:38:25 am

Asn ip blocking (alias from whois)

Definitely YES!

Quote
Dns black holes (using common host files)

I strongly would say YES, but you have to check, there are host and domain overrides, there are custom options of Unbound DNS, both comprised right on the Web Interface, and if it's not enough, form the console you have the option to edit the Unbound config file the way you want it; never did it, so I don't know for sure if it fits your purpose, and I would redirect you to Unbound DNS (or DNSmask DNS, also included in OPNsense) documentation.

Quote
Geo-ip blocking (alias from geo-ip)

YES

Quote
All logging can be disabled.

YES

Quote
Also, is opnsense using a rolling release model? Or will it be rolling once all big feature changes are complete? How long are old versions supported if its not rolling?

Franco definitely has a better answer, the best answer, but until he writes a few lines, I would say "rolling release" is the model.

Quote
Thank you so much
J

You're welcome! :)
Title: Re: Can opnsense do this?
Post by: franco on December 07, 2017, 03:03:37 pm
Hi there,

Well, we do a major update every 6 months (major incompatible features and operating system updates) and rolling releases with mostly weekly minor updates depending on need. Major versions land in January (x.1) and July (x.7).

We discontinue support for older major releases immediately, but the upgrade is (given the migration notes and operating system limitations) seamless.

https://opnsense.org/about/road-map/


Cheers,
Franco
Title: Re: Can opnsense do this?
Post by: senser on December 10, 2017, 10:00:56 pm
Great, so there is no nice frontend for creating dns entries for unbound from host files, but other than that, its all there. Are there any plans to better support creating dns black holes yet? Thank you!