OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of brad.edmondson »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - brad.edmondson

Pages: [1]
1
Tutorials and FAQs / Re: Install htop process monitor
« on: March 30, 2021, 11:17:47 pm »
Quote
How would you go about removing ports and src to free the disk space back up?

Sorry, I don't have any experience proving out what works and what doesn't there. I just leave it since there's plenty of space on the SSD in my main OpnSense box.

If I had to guess, I'd say it's likely you can remove the dependency packages once it's compiled and installed and it'll still work, but you wouldn't be able to compile an updated version if and when that becomes necessary. I also don't know if there is an "autoremove" for unnecessary dependencies here like there is in some OS' package managers, but if I needed to figure this out I'd start by googling the same question about FreeBSD.

2022-03-08 Update: Removed HardenedBSD mention, as OpnSense' upstream is now FreeBSD 13 rather than HardenedBSD.

2
Development and Code Review / Re: DNSBL and additional features Plugin for Unbound
« on: May 20, 2020, 08:29:54 pm »
Quote from: mimugmail on May 03, 2020, 11:31:17 am
Hi,

It replaces all to 0.0.0.0:

https://github.com/opnsense/plugins/blob/master/dns/unbound-plus/src/opnsense/scripts/OPNsense/Unboundplus/dnsbl.py#L111

@mimugmail -
Would it be possible to add an option to reply with NXDOMAIN instead of 0.0.0.0? That's what BIND DNSBL does, and just looking anecdotally at my pageloads, seems to be faster than trying to connect to a broadcast address or loopback address and waiting for TCP to fail.

3
Tutorials and FAQs / Install htop process monitor
« on: November 17, 2019, 01:36:44 am »
The classic top process monitor just doesn't cut it for me. I prefer htop, with processor & memory graphs, sorting options (including tree), and commands/keys called out in the UI (see attached).



You can install htop on Opnsense from the FreeBSD ports tree. Note that this takes up a lot of space; 3gb for me (1.2gb for ports, 1.7gb for src). On *Opnsense 21.1.2*, I had to do the following:

grab the ports tree, plus tools and source to compile from it:
Code: [Select]
# opnsense-code tools ports src
Switch source to current version:
Code: [Select]
# cd /usr/src
# git checkout stable/21.1

install dependencies:
Code: [Select]
#  pkg install autoconf automake libtool

I installed these as part of troubleshooting the htop install process (I tried resolving the build errors , so I'm not sure whether they would be automatically installed if you skip this step. If you try it out, let me know!)

Install htop:
Code: [Select]
# cd /usr/ports/sysutils/htop
# make install clean



2021-02-23 Update: changed make command to "make install clean" and updated source tree for v21.1: "# git checkout stable/21.1". Validated this works for me as of 2021-02-23 on OPNsense 21.1.2.

2022-03-07 Update: After upgrading to OpnSense 22.1, htop was still installed, but would not launch (this is expected due to library version changes). To get htop working again, I had to remove and reinstall it per the following:

update sources for tools and src repos:
Code: [Select]
# opnsense-code tools src
attempt to update ports tree:
Code: [Select]
#  opnsense-code portsthat didn't work for me, dying halfway through with a git error about "invalid distance" "too far back" for one of the objects.

Instead, I uninstalled all previous ports and removed the ports tree under /usr/ports. List installed ports by asking pkg to tell us which installed packages do not come from the OpnSense repository (those that do end with the repo string " OPNsense" so grep -v functions as a logical *not*:
Code: [Select]
# pkg query --all '%o %R' | grep -v '\ OPNsense$'
sysutils/htop unknown-repository
net/arping unknown-repository
Remove each non-OpnSense-precompiled package, e.g.:
Code: [Select]
# cd /usr/ports/sysutils/htop && make deinstall && make clean
Code: [Select]
# cd /usr/ports/net/arping && make deinstall && make clean
Remove the ports tree entirely:
Code: [Select]
# rm -rf /usr/ports/
Fetch the ports tree anew:
Code: [Select]
# opnsense-code ports
Switch source to current version:
Code: [Select]
# cd /usr/src
# git checkout stable/22.1

install dependencies if needed (if not needed, pkg will just let you know they're already the latest version):
Code: [Select]
#  pkg install autoconf automake libtool

Install htop:
Code: [Select]
# cd /usr/ports/sysutils/htop
# make install clean

After that, htop is working beautifully again! Thanks OpnSense team!

4
German - Deutsch / Re: Unbound und BIND anwenden als alternative fuer Pi-Hole
« on: October 28, 2019, 04:12:30 am »
Chiming in to say this worked for me. I have Unbound running on tcp/udp 53 (bound to static internal LAN address) and BIND running on 53530 (I think bound to the LAN address, but the firewall doesn't allow traffic to it). This is my Unbound custom config:

Code: [Select]
do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@53530
For Outgoing Network Interface, I can only choose from LAN or WAN (not localhost). I have it set to LAN and things are forwarding correctly, LAN clients --> LAN interface @ 53 --> BIND @ 53530 --> outside resolver.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2