Messages - ezraimanuel

#1
Quote from: AdSchellevis on November 08, 2018, 01:46:27 PM
can you try https://github.com/opnsense/core/commit/08bd6c717751f3ce1c4b160fed7b747a5fa7da6f ?


opnsense-patch 08bd6c7


When deduplicating the retrieved addresses, the lookup was less performant it seemed.

hello, I got this instead:

Nothing is shown on Type and any other selection fields. I already restarted the webgui.
#3
by the way,

https://repo.polkam.go.id/firehol/attacks.netset
https://repo.polkam.go.id/firehol/malware.netset

Those are my lists of blacklisted IPs. When I try to load them as an alias in OPNsense from the web GUI it always gives me a timeout... please try adding them from the web GUI.

In my old FreeBSD I just put those as table <tablename> persist file "/path/to/file" .. and it's done. (Current OPN has no option to load an alias from a file; I think this is important.)

PS: python2.7 bumped to 100% CPU usage if I add those into an alias.

thank you!
#4
18.7 Legacy Series / pf timeouts
November 07, 2018, 03:18:41 PM
Hello, how can I change the default values for these? (tcp.opening, etc.)

TIMEOUTS:
tcp.first                    30s
tcp.opening                   5s
tcp.established           18000s
tcp.closing                  60s
tcp.finwait                  30s
tcp.closed                   30s
tcp.tsdiff                   10s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s
icmp.first                   20s
icmp.error                   10s
other.first                  60s
other.single                 30s
other.multiple               60s
frag                         30s
interval                     10s
src.track                     0s

In my old FreeBSD I always customized the timeouts for protection and other things.

These are my old parameters:
set timeout { interval 10, frag 10 }
set timeout { tcp.first 15, tcp.opening 10, tcp.established 3600, tcp.closing 10, tcp.finwait 15, tcp.closed 15 }
set timeout { udp.first 60, udp.single 15, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }


cheers
#5
Thank you! I will look into it :)
#6
Hey guys, I always experience IPv6 loss after reboot (I have pf enabled to filter IPv6). The gateway monitor always marks it as "down", and when I log in to the terminal I cannot ping the gateway. It turns out I have to disable pf and re-enable it after pinging the gateway. So I added a script to prevent IPv6 gateway link loss on startup.

Here it is:
/usr/local/etc/rc.syshook.d/start/91-check-gateway

#!/usr/local/bin/php
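<?php
// Load the OPNsense includes
require_once("config.inc");
require_once("interfaces.inc");
require_once("util.inc");

$gateways = return_gateways_array(false, true, false);

// Temporarily disable pf so the IPv6 gateways can be pinged
passthru("pfctl -d");
foreach ($gateways as $gateway) {
    if ($gateway['ipprotocol'] === 'inet6') {
        // Ping each IPv6 gateway once; escape the address before it reaches the shell
        passthru("ping6 -c 1 " . escapeshellarg($gateway['gateway']));
    }
}
// Re-enable pf
passthru("pfctl -e");

Hope this helps :)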
#7
18.7 Legacy Series / Re: tmpfs security
November 07, 2018, 08:10:16 AM
Quote from: franco on November 06, 2018, 10:47:28 PM
Use /etc/fstab instead. We don't touch its configuration, but gladly load whatever is set up there.

Good to know, thank you! ;)
#8
Thank you for your reply :)

About "External means you can fill it via API", how can I do this? Thanks :)
#9
Hello, I see a Firewall alias that has type "external". What is it and how do I use it? I see no documentation for it..

One more thing... I have this list of blocked IPs which I want to load (I used to do this in FreeBSD using table <blockip> persist file "/path/to/file"), containing more than 150K IPs with 2MB size... I tried to load it in OPNsense and it timed out from the web browser..... is there any way I can do this from the terminal?

thanks!
#10
18.7 Legacy Series / tmpfs security
November 06, 2018, 10:04:32 PM
Hello, I use "Use memory file system for /tmp" which leads to tmpfs, which is great... can you add mount options for it? Say.. noexec, nosuid, etc.? I can't find any options for it... thank you

This is my old FreeBSD tmp: tmpfs on /tmp (tmpfs, local, noexec, nosuid)

thank you