Messages - jodumont

1
General Discussion / Re: Docker in the OPNsense environment?
« on: August 23, 2021, 08:58:41 am »
Hey guys and girls, we are in the era of microservices.
Running everything in one box/OS is not the way.
Running everything under one box [windows/appliance/linux/bsd] is the old model; so 1990.
Segmenting the usage at least per VM or container is more 2010; by services/pod it is more 2020.

So if you run OPNsense under FreeNAS, Proxmox, ESXi or Hyper-V, you started well.
Now you should make another VM for your Docker, or better, make a Kubernetes cluster (try k3os to start, it is easy).
Then use OPNsense as gateway/firewall and add a proxy service (haproxy or nginx) on it to redirect the traffic to your Docker machine/Kubernetes cluster.
This is the way to do it.

Now, to make your Kubernetes cluster resilient you will need a NAS: look at FreeNAS or OpenMediaVault for that and share a directory via iSCSI or NFS, or even SMB to start.

2
Development and Code Review / Implementing PPTP Client?
« on: January 22, 2020, 04:42:17 pm »
I understand PPTP is considered insecure, but in my case I would use it more for the static IP than for security/anonymity.

As @Franco was suggesting in https://forum.opnsense.org/index.php?topic=8601.msg38670#msg38670, it would be possible to extend the module os-pptp and add a client section like OpenVPN has.

Also, as @Franco asked, it would be easier to implement with a specific consideration and add options on demand.
So the specific configuration is already possible on pfSense Linux and it is with PureVPN: https://support.purevpn.com/command-line-setup-in-debian-linux

What do you think?

3
Intrusion Detection and Prevention / Re: How to manage a local ip list
« on: September 29, 2018, 06:55:11 am »
Hi myksto;

I'm glad I helped you;
your setup seems fair.

If you notice, on https://iplists.firehol.org/ they have the average update frequency, which is 41 minutes; but I'd say 1 day is fair enough to not be banned; I definitely wouldn't go under every hour.

Best practices?

Hum; I'm a learner like you,

but depending, I add one or two of these lists: https://firebog.net
- notice: firehol and firebog may have overlaps.
- also, as far as I understand, the firebog lists are just domain names and/or point to 127.0.0.1, so I use them in combination with unbound (probably works with dnsmasq too).
Actually, I just discovered that in BIND, OPNsense already integrates ad block lists.

Don't hesitate to share what you try; I'll be curious to test them too.

4
Intrusion Detection and Prevention / Re: How to manage a local ip list
« on: September 28, 2018, 08:05:23 am »
Hi;

Sorry, I lost my post, but long story short:

for
2) https://127.0.0.1/mkst/lists/ips.txt
3) https:\\127.0.0.1\mkst\lists\ips.txt

you must alter lighttpd via a vhost or the os-nginx plugin.

As you must understand, os-nginx is a better choice;
this could inspire you: https://wiki.opnsense.org/manual/how-tos/nginx.html

If you want to use lighttpd, you have to create a vhost file in:
/usr/local/etc/lighttpd/vhosts.d
then put your ips.txt into /usr/local/www/vhost (as an example).

But you could also host your file on any webserver/service like github, gitlab or netlify.

Personally, I use the same method as you, but with public lists I found here:
http://iplists.firehol.org/

5
Intrusion Detection and Prevention / Re: 2 questions IDS/IPS
« on: September 27, 2018, 08:45:51 pm »
Thanks for sharing your thoughts, it made me discover a new way of doing it :)
https://wiki.opnsense.org/manual/how-tos/edrop.html

 :D

6
Intrusion Detection and Prevention / Re: Using Rulesets in Suricata IPS
« on: September 27, 2018, 03:42:24 pm »
An interesting source of information is compiled by firehol:
http://iplists.firehol.org/

You could compare different lists and also see which ones overlap.

7
Intrusion Detection and Prevention / Re: How to manage a local ip list
« on: September 27, 2018, 03:37:21 pm »
Is it possible to see your file?
I mean, is it Snort formatted?

8
Intrusion Detection and Prevention / 2 questions IDS/IPS
« on: September 27, 2018, 03:32:21 pm »
Hi everyone;

1.
My public IP, in fact all IPs of my ISP, are blacklisted by Spamhaus.
If I activate the IPS mode on my WAN and activate the DROP list, what will happen?

2.
If the IPS mode is activated on my LAN interface and I forward ports, are these ports still under the IPS protection, or will the traffic be forwarded before?

