Messages

so periodic interface reset did not work. - I am also now cronning a reboot.

DHCP4 -V6 is disabled - all 'static' IP are ARPed
OpenDNS is enabled
UnboundDNS w/ blocklists.
IPS is on using Hyperscan.
All offloads are offloading
only using VMware plugin

I am also having same issue and very similar configuration (ESXi & VM)...

What about a Periodic interface reset - rather than a system reboot?

a periodic interface reset is scheduled daily on my setup; i'll post results in a week so.

Note: i am using e1000 network 'cards'

Will some one please point me to a resource with the column definitions for syslog-ng SyslogMessage?

Facility = local0
SeverityLevel = info

56,,,0,vmx1,match,block,in,6,0x00,0x2ac1f,1,udp,17,36,fe80::d952:2e68:a12d:54c9,ff02::fb,5353,5353,36

I can determine the interface (vmx1), action (match & block), direction (in), protocol (udp), and source ip (fe80::d952:2e68:a12d:54c9)

Can someone help me determine the other columns?


OPNsense Details:
OPNsense 20.1.7-amd64
FreeBSD 11.2-RELEASE-p20-HBSD
LibreSSL 3.0.2

thank you

I'm new to OPNsense, please help me enable and verify IDS/IPS for abuse.ch (https://docs.opnsense.org/manual/how-tos/ips-feodo.html)

When i verify rules have been created, the count is the same as before: 282. When i search for Feodo, no rule results show.

How do i verify I have enabled IDS/IPS correctly for abuse.ch? How do i read the log file for IDS?


Note: i have some counties blocked and alerts are generated; but i don't know about the abuse.ch rules.


OPNsense 17.7.1