
Messages - ressurex

#1
and in the system log (general) I get a lot of these, every time I start the BIND plugin:

   root: /usr/local/etc/rc.d/named: ERROR: named-checkconf for /usr/local/etc/namedb/named.conf failed

anyone know what I'm doing wrong?
#2
got it working... I thought!
but when enabling the DNSBL the service stops after a second..

here is the error from the system log:

Date            Message
Jan 10 20:32:18 configd.py: [1388610f-aa40-46ef-8a8c-8b8174141f8e] request BIND status
Jan 10 20:32:17 configd.py: [3957517a-e18c-45e0-9903-db5ab8c8b81e] request BIND status
Jan 10 20:32:17 configd.py: [259ca30f-30e9-440b-ba0c-0713319d4849] returned exit status 3
Jan 10 20:32:17 configd.py: [259ca30f-30e9-440b-ba0c-0713319d4849] starting BIND
#3
when I set Recursion in General to NONE, the DNSBL can be started..

is my ACLs access list wrong?

my OPNsense IP is 192.168.1.1 and DHCP hands out 192.168.1.100 to 115 to clients
#4
Services: BIND: Log File

File /var/log/named/named.log yielded no results.

I'm running DNS.WATCH in the general settings:

84.200.69.80
84.200.70.40

so all connections are forced to use this DNS.

could this cause issues with the DNSBL?
#5
General Discussion / Cant start DNSBL via BIND plugin
January 07, 2019, 06:45:25 PM
Hi all.

using this manual: https://www.routerperformance.net/opnsense/dnsbl-via-bind-plugin/

and setting the ACLs access list to: 192.168.1.1/24 (OPNsense is 192.168.1.1)

I can't get the DNSBL started. It goes red after one second of trying to start it.

What am I doing wrong?
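For reference, this is what the ACL and recursion settings the DNSBL depends on look like in raw BIND syntax. It is a hand-written illustration added here, not the file the OPNsense BIND plugin generates; the acl name "lan", the subnet 192.168.1.0/24, the listen addresses and the zone name and file path for the blocklist are assumptions, and the forwarders are the DNS.WATCH addresses mentioned elsewhere in this thread.

```conf
// Hand-written named.conf fragment (not OPNsense's generated named.conf).
// An ACL holds networks, so the whole LAN is written as 192.168.1.0/24;
// a single host entry would be written without a prefix length.
acl "lan" {
    127.0.0.1;          // the firewall itself
    192.168.1.0/24;     // the LAN (assumed subnet)
};

options {
    directory "/usr/local/etc/namedb";
    listen-on { 127.0.0.1; 192.168.1.1; };   // assumed addresses
    recursion yes;
    allow-recursion { lan; };   // only LAN clients may recurse
    allow-query { lan; };       // nobody else may even ask
    forwarders { 84.200.69.80; 84.200.70.40; };   // DNS.WATCH, from the thread
    forward only;
    // The blocklist is consulted as a Response Policy Zone before answering.
    response-policy { zone "dnsbl"; };
};

// Zone name and file path are assumptions for this example.
zone "dnsbl" {
    type master;
    file "/usr/local/etc/namedb/dnsbl.db";
    allow-query { none; };   // RPZ data is applied, not served directly
};
```

Before (re)starting the service, run the same check the rc script runs, `named-checkconf /usr/local/etc/namedb/named.conf`, and for the blocklist data `named-checkzone dnsbl /usr/local/etc/namedb/dnsbl.db`; both print the offending line when they fail, which is more useful than the bare "returned exit status 3" in the OPNsense log.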
#7
Hi all.

Which rules from the default Suricata setup block attached files/pictures, mostly from my Thunderbird mail client?

I just can't seem to find out which ones. I have disabled the Snort rules I also have enabled, but it's not them blocking files.

Can someone guide me?

#8
General Discussion / Re: Torguard VPN issue
December 08, 2018, 05:07:00 PM
Anyone?? :(
#10
Hi.

I'm doing a setup of new extra aliases to use for ad blocking etc..

They are taken from this list: https://github.com/matijazezelj/unbound-adblock
They are all HOSTS lists!

When I try to put every list in an alias respectively, I can't save the lists as hosts.. OPNsense says they aren't hosts files.
The only workaround is to choose URLs (IPs) and save, then edit and choose hosts, and then save.
Then it seems OPNsense accepts them as hosts...

Is it a bug?
#11
General Discussion / Torguard VPN issue
November 12, 2018, 08:27:29 PM
Hi all.

The short story is that I'm trying to create my own how-to based on the Torguard VPN service.

It's a load-balanced 4-connection setup based on merged Torguard/pfSense manuals. I thought, why not do a complete Torguard how-to, test it out and share it.

Currently I have a working online 4 VPN gateway group, with 30 servers in each connection, all chosen randomly on every boot (reboot every night using cron).

But then the next part of the manual, doing the firewall rules, I just can't get to work....
I use the German https://dns.watch/ as forced DNS, but that should be a problem.

This following setup is what I need to do next, but it's not working...
Any comments??


----------------

Create Firewall Rules
In this section, we are going to create a floating firewall rule to Reject any LAN outbound packets that are tagged as NO_WAN_OUTBOUND and then we are going to create a LAN rule that will tag all traffic as NO_WAN_OUTBOUND as well as use the OpenVPNGatewayGroup we created in the section above as the default gateway for that traffic. Using this method, we are going to ensure that ALL LAN traffic will ONLY go through the OpenVPN connections.
1. Navigate to Firewall --> Rules and ensure the Floating tab is selected (Figure 15).
2. Click the Add button with the down arrow on the bottom of the page to add a rule to the end of the list (Figure 16).
3. You will be re-directed to the Edit firewall Rule page.
4. In the Action field ensure Reject is selected.
5. In the Interface field ensure the WAN interface is selected.
6. In the Direction field ensure out is selected.
7. In the Address Family ensure IPv4 is selected.
8. In the Protocol field ensure Any is selected (Figure 17).
9. In the Log field, check the Log packets that are handled by this rule.
10. In the Description field, enter the following description: Reject Packets tagged with NO_WAN_OUTBOUND.
11. In the Advanced Options field, click the Display Advanced button (Figure 18).
12. Clicking the Advanced Options button from the previous step will display the Advanced Options section.
13. In the set local tag field, enter the following: NO_WAN_OUTBOUND (Figure 19). Ensure you make a note of the NO_WAN_OUTBOUND tag because we are going to be using it in the LAN rule we are going to be creating next.
14. Click the Save button at the bottom of the page.
15. You will be re-directed back to the Floating rules tab page.
16. Click on the Apply Changes button on the top of the page to apply the changes (Figure 20).
17. Next click on the LAN tab (Figure 21).
18. Click the Add button with the down arrow on the bottom of the page to add a rule to the end of the list (Figure 22).
19. You will be re-directed to the Edit firewall Rule page.
20. In the Action field ensure Pass is selected.
21. In the Disabled field ensure Disable this rule is Unchecked.
22. In the Interface field ensure the LAN interface is selected.
23. In the Address Family ensure IPv4 is selected.
24. In the Protocol field ensure Any is selected (Figure 23).
25. Under the Source section, in the Source field, ensure LAN net is selected.
26. Under the Destination section, in the Destination field, ensure any is selected.
27. Under the Extra Options section, in the Log field, ensure Log packets that are handled by this rule is checked.
28. Under the Extra Options section, in the Description field, enter a description for this rule (Ex: Allow LAN to any via VPN Only).
29. Under the Extra Options section, in the Advanced Options field, click the Display Advanced button (Figure 24).
30. Clicking the Advanced Options button from the previous step will display the Advanced Options section.
31. Under the Advanced Options section, in the set local tag field, enter NO_WAN_OUTBOUND (Figure 25).
32. Under the Advanced Options section, in the Gateway field, ensure the OpenVPNGatewayGroup gateway is selected (Figure 26).
33. Click the Save button at the bottom of the page.
34. You will be re-directed back to the LAN rules tab page.
35. Click on the Apply Changes button on the top of the page to apply the changes (Figure 27).
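To show what the two GUI rules from the quoted steps amount to, here is the same pair written in raw pf syntax. This is an added illustration, not the quoted manual's text and not the ruleset OPNsense generates; the interface names lan, wan, ovpnc1 and ovpnc2, the LAN subnet 192.168.1.0/24 and the two gateway addresses are assumptions.

```conf
# Hand-written pf.conf fragment (illustration only, not OPNsense's generated
# rules). Interface names, the LAN subnet and gateway addresses are assumed.

# LAN rule (steps 17-35): pass everything from the LAN, tag it, and
# policy-route it through the OpenVPN gateways. pf's round-robin across the
# listed (interface gateway) pairs is what the GUI's gateway group does.
# "quick" stops rule evaluation at this match.
pass in quick on lan inet from 192.168.1.0/24 to any \
    route-to { (ovpnc1 10.8.0.1) (ovpnc2 10.9.0.1) } round-robin \
    tag NO_WAN_OUTBOUND label "Allow LAN to any via VPN Only"

# Floating rule (steps 1-16): a packet carrying the tag that is about to
# leave on WAN is rejected ("block return" answers with RST / ICMP
# unreachable instead of silently dropping) and logged.
block return out log quick on wan inet all tagged NO_WAN_OUTBOUND \
    label "Reject Packets tagged with NO_WAN_OUTBOUND"
```

The point of the tag is that the reject rule never has to know which addresses are "VPN traffic": anything the LAN rule touched is marked, and only the marked packets are refused on WAN, so management traffic from the firewall itself is unaffected. Test it the way the how-to intends: stop the OpenVPN instances and confirm the LAN clients' traffic appears in the firewall log as rejects on WAN rather than leaking out. If it still leaks, check the state policy, because a packet that matches an existing floating state is passed without the out-direction rules being evaluated, and the WAN reject then never sees it.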
#12
Hi all.

My lobby dashboard gives me: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz (4 cores)

but the CPU is dual core with 4 threads.

This gives me the option to run two parallel OpenVPN instances, for example, but not 4 as I was mistakenly surprised to think the first time I booted my Qotom unit.

Isn't this misleading? Or am I reading it wrong?
#13
Thanks!
#14
Yep, I agree.

Thanks for the input though.

#15
Quote from: bartjsmit on July 25, 2018, 03:41:06 PM
A VPN increases security by reducing your attack surface through moving services from public to private networks. The time that you have a public IP address has little bearing on that. You need a dynamic DNS record to reach the VPN server anyway, and there is no security in obscurity.

TL;DR: static IP for VPN is not more insecure

Bart...

Thanks for the reply Bart. So even if my Cisco cable modem gets a fixed IP = the VPN server's IP, I still need to have some dynamic DNS setup in the OPNsense firewall?