Messages - nqnguyen2

#1
I cleared the states but had an opportunity to reboot also. I did both and everything appears to be normal again.

Thanks for the assistance everyone.
#2
18.1 Legacy Series / Re: Logging view
February 15, 2018, 02:38:19 AM
I assume you upgraded from version 17? I remember reading something about bringing back the Normal view you're speaking of.

In the meantime, you can use Live View or Plain View and still filter for IP and ports.

I believe this is it:
#3
No, it shouldn't affect production. It merely removes the alias from showing in the pfTables selection. If everything is working fine, I'd say leave it alone.
#4
Franco, good point I didn't think of, but Fiddler doesn't show a redirect.

gonzo, you might have to remove it manually if a reboot doesn't work: /var/db/aliastables. Might as well reboot with all the work that you did anyway.
#5
18.1 Legacy Series / Strange firewall filtering behavior
February 14, 2018, 06:51:12 AM
I'm noticing some funky behavior. Has anyone experienced something similar? Do I need to reboot the firewall? Do I need to wipe clean and start over with fresh configs?

OPNsense version: OPNsense 18.1.1-amd64
Last reboot: 1.5 days ago

  • Rules are as simple and basic as I can make them
  • Brother's IP is in the pfTables and still in the tables right now
  • Brother was able to access services from WAN to my LAN for several days
  • Didn't make any changes to firewall
  • Today, the same IP he's been using for the past few days doesn't get filtered by the "allow" rule but instead gets filtered by the Default Deny rule. Thus, he was blocked for some strange reason despite no changes made.

I'm at a total loss and I'm assuming it's my configs that are broken.
#6
Strange results for me. I tried the URL in OP's first post and it didn't work.

Doesn't work: http://ip.jchost03.pl/ip_zablokowane_ataki.txt
Doesn't work: ip.jchost03.pl/ip_zablokowane_ataki.txt
WORKS: http://www.ip.jchost03.pl/ip_zablokowane_ataki.txt (screenshot1)

Notice the "www" that allowed the pfTables to populate (screenshot2). OP, try what I did, hopefully it works for you too.
#7
Strange that you're being targeted as if you're a highly valued target.

I agree that you should keep blocking that inbound DNS traffic. DNS queries should be stateful in the firewall in this order: LAN to WAN to LAN. DNS in practice shouldn't be accepted if unsolicited from WAN.
#8
Without knowing additional details it's hard to tell why you see that in IPS.

The closest thing I've seen on my network regarding port 53 was when I ran DNS benchmark tools on my desktop. There must've been a faulty TTL or something, because after the test was completed I saw tons of blocked DNS entries in my firewall log, as if the DNS traffic finally came back after the states were closed.

I also see a lot of DNS traffic when using Chrome without browsing to any websites.
#9
18.1 Legacy Series / Re: Alias Bug?
February 10, 2018, 03:59:08 AM
It's possible it's a bug but I'm not sure. Please open an issue in https://github.com/opnsense/core/issues

In the meantime, set the Type to URL Table (IPs) (attached image URLtableIPs.png). It works well for me. You also get an Alias Expiration field to update the Alias list by number of days and/or hours (attached image AliasExpiration.png).
#10
18.1 Legacy Series / Re: Sorting aliases
February 10, 2018, 03:36:09 AM
1. You want the IP addresses to be in numerical order? I believe it's impossible to do it in the GUI after the fact. You'd have to do it in the CLI, at which point there are md5 hashes of the aliases which I'd have to experiment with and verify before giving you a solid answer. See for yourself: /var/db/aliastables/IP_Stacje0_INT.md5.txt

2. Your aliases aren't recognized because you pasted the Aliases with a space after each name. See the extra space before the closing quotes? It's not recommended to paste the Alias you created earlier. Instead, type the first letter and there will be a selection box (attached image).
"IP_Admin_Stacje0_INT "
"IP_Admin_Stacje50_INT "
#11
I've already written something a while back with a ton of screenshots. Let me know if you have any questions.

http://nqnguyen2.com/blog/#/blog/how-to-install-opnsense-18-1/
#12
1. Correct, pfBlockerNG is not available.
2. From what I understand, the GeoIP updates every day (Gurus correct me if I'm wrong).
       *Source: core/src/opnsense/scripts/filter/lib/alias.py (line 160)
3. All Aliases auto-update, pull information, or populate in the pfTables as soon as you click the Save button.
4. I've tested the firehol alias and it's working fine for me.
       *Alias has similar settings to yours: https://www.screencast.com/t/YrEu7vG2iyQ2
              -Firehol alias using this URL: https://iplists.firehol.org/files/firehol_level1.netset
       *pfTables populated immediately after saving the alias: https://www.screencast.com/t/cpZvnqyaI
5. Yes, your firehol alias set for 1 day expiration will update every day.
6. You can force an update by editing the alias, making no changes, and clicking the Save button.

Recommendations
1. Please check your Alias Names and Descriptions. It appears you have multiple typos that can make troubleshooting confusing when your configurations become more complex.
2. Please consider allowing access for a smaller group of aliases vs denying the entire world. This will make your tables smaller, easier to troubleshoot, use less RAM, better performance, etc.
#13
18.1 Legacy Series / Re: URL Alias issue
February 04, 2018, 07:26:04 PM
Let me try to help.

  • So you have data in /var/db/aliastables/spamhaus.txt correct?
  • You created an alias with Type "URL Table (IPs)" correct?
  • You also have data in pfTables correct? (Firewall > Diagnostics > pfTables)
I just tried it now and everything is working for me. I can select the alias name "spamhaus" in the source alias list.
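A small diagnostic that ties together the checks from the "Strange firewall filtering behavior", "Sorting aliases" and "URL Alias issue" posts: it parses a URL Table (IPs) file in the format kept under /var/db/aliastables, reports which entry (if any) covers a given address, and flags alias names with stray whitespace. This is an added example, not the poster's code or OPNsense's own alias.py; the sample table and the alias-name rule are assumptions.

```python
# Added example (not code from the posts or from OPNsense): parse a URL Table
# (IPs) alias file like /var/db/aliastables/<alias>.txt, find which entry covers
# an address, and flag alias names with stray whitespace.
import ipaddress
import re

# Constructed sample in netset/URL-table format (one IP or CIDR per line,
# '#' comments and blank lines ignored); not the real firehol list.
SAMPLE_TABLE = """\
# constructed sample, not firehol_level1
10.0.0.0/8
192.0.2.0/24

198.51.100.7
not-an-address
"""

# Assumed naming rule: letters, digits and underscores only.
ALIAS_NAME_RE = re.compile(r"^[A-Za-z0-9_]+$")


def parse_table(text):
    """Return ip_network objects for each valid line; skip malformed lines.
    (Assumption: a tolerant audit parser, not OPNsense's own alias.py.)"""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue  # keep auditing; a bad line should not abort the check
    return nets


def covering_entry(nets, addr):
    """Most specific network in nets containing addr, or None if unmatched."""
    ip = ipaddress.ip_address(addr)
    matches = [n for n in nets if ip in n]
    return max(matches, key=lambda n: n.prefixlen) if matches else None


def alias_name_problems(names):
    """Map each bad alias name to why it will not be recognised."""
    problems = {}
    for name in names:
        if name != name.strip():
            problems[name] = "surrounding whitespace"
        elif not ALIAS_NAME_RE.match(name):
            problems[name] = "invalid characters"
    return problems
```

Run `covering_entry(parse_table(open("/var/db/aliastables/<alias>.txt").read()), "<ip>")` on the firewall to confirm whether an address the allow rule should match is really present in the downloaded table.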