Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - ezraimanuel

Pages: [1]

18.7 Legacy Series / Re: Firewall Alias (external) and VERY BIG table file.

« on: November 09, 2018, 06:50:05 am »

Quote from: AdSchellevis on November 08, 2018, 01:46:27 pm

can you try https://github.com/opnsense/core/commit/08bd6c717751f3ce1c4b160fed7b747a5fa7da6f ?

Code: [Select]
opnsense-patch 08bd6c7
When deduplicating the retrieved addresses, the lookup was less performant it seemed.

hello, I got this instead:

nothing shown on Type and any other selection fields. i already restart the webgui

18.7 Legacy Series / Re: Firewall Alias (external) and VERY BIG table file.

« on: November 07, 2018, 04:52:41 pm »

18.7 Legacy Series / Re: Firewall Alias (external) and VERY BIG table file.

« on: November 07, 2018, 04:14:59 pm »

by the way,

https://repo.polkam.go.id/firehol/attacks.netset
https://repo.polkam.go.id/firehol/malware.netset

those are my list of backlisted IPs, when i try to load it as alias in OPNsense from web gui it always give me timeout... please try it adding it from web gui

in my old FreeBSD i just put those as table <tablename> persist file "/path/to/file" .. and it's done. (current OPN has no option to load alias from file, i think this is important)

PS: python2.7 bumped to 100% CPU usage if i add those into alias

thank you!

18.7 Legacy Series / pf timeouts

« on: November 07, 2018, 03:18:41 pm »

Hello, how can i change default value for these? (tcp.opening, etc)

Code: [Select]

TIMEOUTS:
tcp.first                    30s
tcp.opening                   5s
tcp.established           18000s
tcp.closing                  60s
tcp.finwait                  30s
tcp.closed                   30s
tcp.tsdiff                   10s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s
icmp.first                   20s
icmp.error                   10s
other.first                  60s
other.single                 30s
other.multiple               60s
frag                         30s
interval                     10s
src.track                     0s

in my old freebsd i always custom the timeouts for protection and other things.

this is my old parameters:

Code: [Select]

set timeout { interval 10, frag 10 }
set timeout { tcp.first 15, tcp.opening 10, tcp.established 3600, tcp.closing 10, tcp.finwait 15, tcp.closed 15 }
set timeout { udp.first 60, udp.single 15, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }

cheers

18.7 Legacy Series / Re: Firewall Alias (external) and VERY BIG table file.

« on: November 07, 2018, 02:53:07 pm »

thank you! i will look into it

18.7 Legacy Series / [Sharing] some troubleshooting for IPv6 enabled system

« on: November 07, 2018, 02:45:38 pm »

Hey guys, I always experiencing IPv6 loss after reboot (I have pf enabled to filter IPv6), the gateway monitor always marked it as "down", and when i login to terminal i cannot ping the gateway. Turns out i have to disable the PF and re-enable it after pinging the gateway. So i add script to prevent IPv6 gateway link loss on startup.

here it is:
/usr/local/etc/rc.syshook.d/start/91-check-gateway

Code: [Select]

#!/usr/local/bin/php
<?phprequire_once("config.inc");require_once("interfaces.inc");require_once("util.inc");$gateways = return_gateways_array(false, true, false);passthru("pfctl -d");foreach ($gateways as $gateway) { if ($gateway['ipprotocol'] === 'inet6') { passthru("ping6 -c 1 " . $gateway['gateway']); }; };passthru("pfctl -e");
hope this helps


		
			
				
				
					7
					
						18.7 Legacy Series / Re: tmpfs security
						« on: November 07, 2018, 08:10:16 am »
					
					
					Quote from: franco on November 06, 2018, 10:47:28 pm
Use /etc/fstab instead. We don't touch its configuration, but gladly load whatever is set up there.

good to know, thank you! 
					
				
				

				
			
		
		
			
				
				
					8
					
						18.7 Legacy Series / Re: Firewall Alias (external) and VERY BIG table file.
						« on: November 07, 2018, 08:07:55 am »
					
					
					thank you for your reply 

about "External means you can fill it via API", how can i do this? thanks 
					
				
				

				
			
		
		
			
				
				
					9
					
						18.7 Legacy Series / Firewall Alias (external) and VERY BIG table file.
						« on: November 06, 2018, 10:07:50 pm »
					
					
					Hello, i see Firewall alias that has type "external", what is it and how to use it? i see no documentation for it..

1 more thing... i have this list of blocked IPs which i want to load (I used to do this in FreeBSD using table <blockip> persist file "/path/to/file" ... containing more than 150K IPs with 2MB size... i tried to load it in opnsense and timeout from web browser..... is there anyway i can do this from terminal?

thanks!
					
				
				

				
			
		
		
			
				
				
					10
					
						18.7 Legacy Series / tmpfs security
						« on: November 06, 2018, 10:04:32 pm »
					
					
					hello, i use "Use memory file system for /tmp" which leads to tmpfs, which is great... can you put mount options for it? say.. noexec nosuid, etc? i can't find any options for it... thank you

this is my old FreeBSD tmp: tmpfs on /tmp (tmpfs, local, noexec, nosuid)

thank you
					
				
				

				
			
		
		
			Pages: [1]