Messages - badchipmunk

#1
I did have a port mirror set up on a switch which fed to a Security Onion instance; I disabled that to no avail. In my hunt I also discovered that the MTU I was handing out to my DHCP clients was different than what I had set for my LAN interface, so I set those to be the same, but that didn't seem to do much. Then I went around and just rebooted clients on the network, and that evidently cleared things up. I still see some blocked traffic related to my Plex server, but I think that's largely related to the weirdness that needs to be configured to expose that to the interwebs.
#2
Hi there. I'm seeing a ton of blocked LAN traffic on my FW, where one thing on my LAN is attempting to talk to another thing on my LAN. I cannot for the life of me understand why this is happening.

__timestamp__   Nov 13 17:54:07
ack   386885594
action    [block]
anchorname   
datalen   0
dir    [in]
dst   192.168.1.52
dstport   55240
ecn   
id   31958
interface   em0
interface_name   lan
ipflags   DF
label   Default deny rule
length   40
offset   0
proto   6
protoname   tcp
reason   match
rid   02f4bab031b57d1e30553ce08e0ec131
ridentifier   0
rulenr   8
seq   
src   192.168.1.5
srcport   443
subrulenr   
tcpflags   A
tcpopts   
tos   0x0
ttl   64
urp   128
version   4
#3
19.7 Legacy Series / osquery
March 23, 2019, 01:51:38 AM
Hi! Not sure where to put this, so the dev branch seemed appropriate. How can I request that osquery be included in the ports library for OPNsense? It's available on FreeBSD ports, and it's quite handy to monitor my systems, so I'd love to see it included here so I can query my OPNsense host along with the rest of my fleet.