Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - brad.edmondson

Pages1
#1
Tutorials and FAQs / Re: Install htop process monitor
March 30, 2021, 11:17:47 PM
QuoteHow would you go about removing ports and src to free the disk space back up?

Sorry, I don't have any experience proving out what works and what doesn't there. I just leave it since there's plenty of space on the SSD in my main OpnSense box.

If I had to guess, I'd say it's likely you can remove the dependency packages once it's compiled and installed and it'll still work, but you wouldn't be able to compile an updated version if and when that becomes necessary. I also don't know if there is an "autoremove" for unnecessary dependencies here like there is in some OS' package managers, but if I needed to figure this out I'd start by googling the same question about FreeBSD.


2022-03-08 Update: Removed HardenedBSD mention, as OpnSense' upstream is now FreeBSD 13 rather than HardenedBSD.
#2
Development and Code Review / Re: DNSBL and additional features Plugin for Unbound
May 20, 2020, 08:29:54 PM
Quote from: mimugmail on May 03, 2020, 11:31:17 AM
Hi,

It replaces all to 0.0.0.0:

https://github.com/opnsense/plugins/blob/master/dns/unbound-plus/src/opnsense/scripts/OPNsense/Unboundplus/dnsbl.py#L111

@mimugmail -
Would it be possible to add an option to reply with NXDOMAIN instead of 0.0.0.0? That's what BIND DNSBL does, and just looking anecdotally at my pageloads, seems to be faster than trying to connect to a broadcast address or loopback address and waiting for TCP to fail.
#3
Tutorials and FAQs / Install htop process monitor
November 17, 2019, 01:36:44 AM
The classic top process monitor just doesn't cut it for me. I prefer htop, with processor & memory graphs, sorting options (including tree), and commands/keys called out in the UI (see attached).



You can install htop on Opnsense from the FreeBSD ports tree. Note that this takes up a lot of space; 3gb for me (1.2gb for ports, 1.7gb for src). On *Opnsense 21.1.2*, I had to do the following:

grab the ports tree, plus tools and source to compile from it:
Code Select
# opnsense-code tools ports src

Switch source to current version:
Code Select

# cd /usr/src
# git checkout stable/21.1


install dependencies:
Code Select

#  pkg install autoconf automake libtool


I installed these as part of troubleshooting the htop install process (I tried resolving the build errors , so I'm not sure whether they would be automatically installed if you skip this step. If you try it out, let me know!)

Install htop:
Code Select

# cd /usr/ports/sysutils/htop
# make install clean





2021-02-23 Update: changed make command to "make install clean" and updated source tree for v21.1: "# git checkout stable/21.1". Validated this works for me as of 2021-02-23 on OPNsense 21.1.2.


2022-03-07 Update: After upgrading to OpnSense 22.1, htop was still installed, but would not launch (this is expected due to library version changes). To get htop working again, I had to remove and reinstall it per the following:

update sources for tools and src repos:
Code Select
# opnsense-code tools src

attempt to update ports tree:
Code Select
#  opnsense-code ports
that didn't work for me, dying halfway through with a git error about "invalid distance" "too far back" for one of the objects.

Instead, I uninstalled all previous ports and removed the ports tree under /usr/ports. List installed ports by asking pkg to tell us which installed packages do not come from the OpnSense repository (those that do end with the repo string " OPNsense" so grep -v functions as a logical *not*:
Code Select
# pkg query --all '%o %R' | grep -v '\ OPNsense$'
sysutils/htop unknown-repository
net/arping unknown-repository

Remove each non-OpnSense-precompiled package, e.g.:
Code Select
# cd /usr/ports/sysutils/htop && make deinstall && make clean
Code Select
# cd /usr/ports/net/arping && make deinstall && make clean

Remove the ports tree entirely:
Code Select
# rm -rf /usr/ports/

Fetch the ports tree anew:
Code Select
# opnsense-code ports

Switch source to current version:
Code Select

# cd /usr/src
# git checkout stable/22.1


install dependencies if needed (if not needed, pkg will just let you know they're already the latest version):
Code Select

#  pkg install autoconf automake libtool


Install htop:
Code Select

# cd /usr/ports/sysutils/htop
# make install clean


After that, htop is working beautifully again! Thanks OpnSense team!
#4
German - Deutsch / Re: Unbound und BIND anwenden als alternative fuer Pi-Hole
October 28, 2019, 04:12:30 AM
Chiming in to say this worked for me. I have Unbound running on tcp/udp 53 (bound to static internal LAN address) and BIND running on 53530 (I think bound to the LAN address, but the firewall doesn't allow traffic to it). This is my Unbound custom config:

Code Select
do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@53530

For Outgoing Network Interface, I can only choose from LAN or WAN (not localhost). I have it set to LAN and things are forwarding correctly, LAN clients --> LAN interface @ 53 --> BIND @ 53530 --> outside resolver.
Pages1