Messages

dear romain,

Since the ideology of bridging is same among BSD style routing platforms, please take a look here for really detailed documentation. https://doc.pfsense.org/index.php/Interface_Bridges

You must read everything in order to grab knowledge :) Afterall, knowledge is power .

P.S: Just a tip. You have to create firewall rules to allow the traffic among bridged / to and fro on bridges too.

hi smajor,

please take a look here at http://rules.emergingthreats.net/open/suricata/ . They are Emerging Threat rules for suricata. You can manually push them too if you like incase you are looking for regular updates. Also, ET website has detailed description on individual rule and sub rules.

For detailed documentation, please look here http://doc.emergingthreats.net/

hey Franco,

I saw your reply late (this afternoon). Last night at 4AM i already removed them from ports.conf and removed the table entries from menu.xml. Its pretty straight forward and extremely simple. The plugin service is an excellent choice because not only components such as proxy or IDS can be added but other components like UPS addons , IPS components, etc are very critical if OPNSense is aimed for enterprise infrastructures.

I will setup a two machines for you this week. One with packages and the other one for development and testing on a 100mbps dedicated link at my place.

Cheers.

Hey Franco,

I am going to remove Suricata and Squid completely. Do you have static package build linkage or other dependencies in system variables?

Bit of an overkill :) The hardware that you chose can easily handle upto 500 users without any issue. Minus the Snort, you are good to go. Current IDS is "Suricata"

If i may suggest something chol. Even though this project has been under development but just recently went stable. Setting the RoadMap is an excellent idea but it is too early to look for a substitute for Bind, support off the shelf embedded devices, etc for example. In my opinion, the RoadMap should wait a little while this project goes to couple of racks around the world and face real life challenges. There is clearly room for improvement and a lot of feedback is needed still from the community.

Let me know your thoughts on this. Thanks.  :)

Indeed its an IDS not an IPS. The IPS ( Intrusion Prevention System ) component blocks the offending IP address/user when the alert is generated by the Suricata IPS. If you look at the basis of OPNSense then its supposed to be a firewall first then components to follow. Things will take some times for the project to mature. Don't you worry  :)

The USB to serial converters don't work  sometimes thats why. Serial cables are pretty hard and nothing like the classic port which still remains as a solid and reliable communication point. Maybe you can give this a try http://www.cooldrives.com/media/catalog/product/u/s/usb-serial-adapter-for-windows-vista.jpg . Please tell me what type of cable, converter that you are trying to use.

Try this please. Reduce the cache size from SQUID's config. It helped me reduce the number of crashes. Perhaps, I will try to get the stable Squid builds going soon and get back with the results.

Dear Franco,

I am really pleased to see this project. For 8 years ive worked with pfSense , IPCop, IPFire, Endian, etc etc. Seeing pfSense losing the full build scripts disclosure , Scott leaving, Jim Pingle's claims on the source code developed and contributed by the OpenSource community and several others reasons forced me to abandon everything with pfSense. Now that you have initiated this project and also decided to have your own brand with Deciso, count me in full time. Right now, i am doing my first custom build of this project and hoping to contribute with everything.

Thanks again man !