Messages - TheLatestWire

#61
Hi - I'm wondering if I don't have the IDS/GeoIP blocking set up quite right, or if maybe it's not completely 100% successful at blocking all traffic?

I blocked a lot of countries, including Iran, but later that day I received a SPAM email on a server behind OPNsense that came from Iran.  A geoiplookup utility identifies it as Iran, as does its whois info.  The IP address was 2.180.53.127

(7) -->  geoiplookup 2.180.53.127
GeoIP Country Edition: IR, Iran, Islamic Republic of
GeoIP City Edition, Rev 1: IR, 16, Kordestan, N/A, N/A, 35.713100, 47.265598, 0, 0
GeoIP ASNum Edition: AS48159 Telecommunication Infrastructure Company

(5) -->  whois 157.55.234.250
inetnum:        2.180.16.0 - 2.180.63.255
netname:        tckhr-DSL
descr:          Telecommunication Company of Khorasan Razavi for ADSL users
country:        IR
person:         Jamil Sabaghi
address:        Khomeini ST Mashhad Iran

Here's a snippet from my mail server:
Mar 22 10:15:53 myhostname postfix/smtpd[2629]: connect from unknown[2.180.53.127]
Mar 22 10:15:56 myhostname postfix/smtpd[2629]: CEAD023BA027: client=unknown[2.180.53.127]
Mar 22 10:15:57 myhostname postfix/cleanup[2639]: CEAD023BA027: message-id=<9059532066.SIM_0099577ADC51@myhostname.com>
Mar 22 10:15:57 myhostname postfix/qmgr[3927]: CEAD023BA027: from=<tarrantNikki09@biurex.pl>, size=5807, nrcpt=1 (queue active)
Mar 22 10:15:57 myhostname postfix/smtpd[2629]: disconnect from unknown[2.180.53.127] ehlo=1 mail=1 rcpt=1 data=1 quit=1 command$
Mar 22 10:16:02 myhostname postfix/local[2640]: CEAD023BA027: to=<user@myhostname.com>, relay=local, delay=9, delays=3.7/0.01/0/$

Here's how I have IDS/GeoIP setup on OPNsense:
http://imgur.com/a/iVRJx

Is there a log that would show me drops due to IDS/GeoIP matches?  Any insight would be greatly appreciated.

Thanks.
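
One way to cross-check a mail log against the CIDRs that are supposed to be blocked, as an added example that is not part of the original post: it converts the whois range quoted above into CIDR blocks and reports every postfix connect whose client address falls inside a blocked network. The function names are hypothetical, and the third sample log line is constructed.

```python
import ipaddress
import re

# inetnum range copied from the whois output in the post.
WHOIS_RANGE = "2.180.16.0 - 2.180.63.255"

# First two lines are from the post; the third is constructed (documentation address).
SAMPLE_LOG = """\
Mar 22 10:15:53 myhostname postfix/smtpd[2629]: connect from unknown[2.180.53.127]
Mar 22 10:15:56 myhostname postfix/smtpd[2629]: CEAD023BA027: client=unknown[2.180.53.127]
Mar 22 10:17:01 myhostname postfix/smtpd[2701]: connect from mail.example.net[192.0.2.10]
"""

# Only smtpd "connect from host[ip]" lines; "disconnect from" does not match.
CONNECT_RE = re.compile(r"postfix/smtpd\[\d+\]: connect from \S*\[([0-9A-Fa-f.:]+)\]")


def range_to_cidrs(inetnum):
    """Turn a whois 'first - last' range into the CIDR blocks that cover it exactly."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    return list(ipaddress.summarize_address_range(first, last))


def load_blocklist(lines):
    """Parse one CIDR per line (blank lines and # comments are ignored)."""
    nets = []
    for line in lines:
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def leaked_connections(log_text, blocklist):
    """Return (client_ip, matching_cidr) for every SMTP connect from a blocked range."""
    hits = []
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m.group(1))
        net = next((n for n in blocklist if n.version == ip.version and ip in n), None)
        if net is not None:
            hits.append((str(ip), str(net)))
    return hits


if __name__ == "__main__":
    blocklist = load_blocklist(str(n) for n in range_to_cidrs(WHOIS_RANGE))
    for ip, net in leaked_connections(SAMPLE_LOG, blocklist):
        print(f"{ip} is inside blocked {net} but still reached postfix")
```

load_blocklist accepts the same one-CIDR-per-line text used for an alias import; a hit means that address reached postfix even though its network is on the list.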

#62
I'm not sure if this is what you wanted me to test/verify so sorry in advance.

I edited /usr/local/etc/rc.php_ini_setup and not knowing what to do, I just doubled everything in the section you highlighted to look like this:
suhosin.get.max_array_depth = 10000
suhosin.get.max_array_index_length = 512
suhosin.get.max_vars = 10000
suhosin.get.max_value_length = 1000000
suhosin.post.max_array_depth = 10000
suhosin.post.max_array_index_length = 512
suhosin.post.max_vars = 10000
suhosin.post.max_value_length = 18000000
suhosin.request.max_array_depth = 10000
suhosin.request.max_array_index_length = 512
suhosin.request.max_vars = 10000
suhosin.request.max_value_length = 18000000

Then I ran that file:
/usr/local/etc/./rc.php_ini_setup

Then I opened the ALIAS with the very long list of CIDR networks.  It initially shows me the full list and I hit + to add a new one and then hit save but it's missing on the page after hitting save.  In fact the list is much shorter after hitting save than it is when I initially edit it.

I'm not sure which file has the "max_input_vars" variable as I couldn't find it in /usr/local/etc/rc.php_ini_setup.

Thank you very much.
#63
I think I spoke too soon.  I needed to add another couple CIDR networks to the new ALIAS that I created and after adding them and hitting save, the list didn't appear to have all the previously added CIDRs.  Maybe it's just a web server/php issue with showing them?

Where are the ALIAS config files stored?  Could I add new CIDRs to the text file and then restart a service from the shell console?
#64
The list of CIDR networks that I successfully pasted into the import ALIAS page wasn't comma separated.  Each CIDR was on its own line, so it was a plain text file of 2165 lines.  So far so good.

Thanks again  :)
#65
I didn't import them, which might have been my problem.  I created a new ALIAS and then pasted all 2176 CIDR addresses into a single field on that page.  It *seemed* to work and take them all but it turned out to be missing about 40 entries.

I've created a new ALIAS and used the "import" feature this time and it successfully took and lists all 2176 entries.

Am I reaching the upper limits of the factors that might limit the number of entries in a single ALIAS?

Thank you for the help.
#66
Is there a limit to the number of networks that can be in a single ALIAS?  I have a very long list of CIDR networks in a single ALIAS that I'm trying to add to but after clicking + and entering a new one, followed by "save", they don't appear on the page when it reloads.
#67
Thanks, I think I found it.  Is it referred to as "DHCP Static Mappings for this interface"?  I guess the fact that the word "reservation" wasn't used threw me.
#68
Hello,

Is it possible to set up DHCP reservations with the DHCP server in OPNsense?  I can't seem to find an area where I can do it in the web GUI.

I'm transitioning from m0n0wall's DHCP service, which has a number of reservations, to OPNsense. I was hoping to set up the reservations before I move to OPNsense's DHCP service.

Thanks.
#69
General Discussion / Re: How to Import M0n0wall Rules?
December 31, 2015, 08:31:06 PM
I'm
#70
General Discussion / How to Import M0n0wall Rules?
December 30, 2015, 11:59:07 PM
Sorry if I'm missing something obvious. I looked through the documentation, did some google searches and searched through the GUI, but I can't seem to find a way to import my m0n0wall rules. Is this possible? Or can I edit a single file on the console and insert them? Most of the rules are specific CIDR network denies.