Messages - brad.edmondson

#1
Quote: How would you go about removing ports and src to free the disk space back up?

Sorry, I don't have any experience proving out what works and what doesn't there. I just leave it since there's plenty of space on the SSD in my main OpnSense box.

If I had to guess, I'd say it's likely you can remove the dependency packages once it's compiled and installed and it'll still work, but you wouldn't be able to compile an updated version if and when that becomes necessary. I also don't know if there is an "autoremove" for unnecessary dependencies here like there is in some OSes' package managers, but if I needed to figure this out I'd start by googling the same question about FreeBSD.



2022-03-08 Update: Removed HardenedBSD mention, as OpnSense's upstream is now FreeBSD 13 rather than HardenedBSD.
#2
Quote from: mimugmail on May 03, 2020, 11:31:17 AM
Hi,

It replaces all to 0.0.0.0:

https://github.com/opnsense/plugins/blob/master/dns/unbound-plus/src/opnsense/scripts/OPNsense/Unboundplus/dnsbl.py#L111

@mimugmail -
Would it be possible to add an option to reply with NXDOMAIN instead of 0.0.0.0? That's what BIND DNSBL does, and just looking anecdotally at my pageloads, seems to be faster than trying to connect to a broadcast address or loopback address and waiting for TCP to fail.
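
The two response styles compared in this post, as an added Python example (not code from the unbound-plus plugin or from the poster): it renders a blocklist feed as Unbound directives in either style and rejects feed lines that could break out of the quoted config value. It assumes the 0.0.0.0 behaviour is written as local-data A records and uses Unbound's always_nxdomain local-zone type for the alternative; normalize, render and the sample feed are hypothetical names and constructed data.

```python
import re

# One DNS label: letters, digits, "_" or "-", not starting or ending with "-".
# Quotes, whitespace and newlines can never reach the generated config.
_LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")


def normalize(line):
    """Return a clean lower-case domain from one feed line, or None."""
    line = line.split("#", 1)[0].strip().lower()
    if not line:
        return None
    # Accept plain domains and hosts-file lines ("0.0.0.0 ads.example.com").
    domain = line.split()[-1].rstrip(".")
    labels = domain.split(".")
    if len(domain) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return None
    if not all(_LABEL.fullmatch(label) for label in labels):
        return None
    return domain


def render(feed_lines, mode="nxdomain"):
    """Render feed lines as Unbound server-clause directives."""
    if mode not in ("zero", "nxdomain"):
        raise ValueError("mode must be 'zero' or 'nxdomain'")
    domains = sorted({d for d in map(normalize, feed_lines) if d})
    if mode == "zero":
        # A queries for exactly this name are answered with 0.0.0.0,
        # so the client still attempts a connection.
        return [f'local-data: "{d} A 0.0.0.0"' for d in domains]
    # The name and everything below it get NXDOMAIN; nothing to connect to.
    return [f'local-zone: "{d}" always_nxdomain' for d in domains]


# Constructed sample feed (not taken from any real blocklist).
SAMPLE_FEED = [
    "# comment line",
    "0.0.0.0 ads.example.com",
    "Tracker.Example.NET.",
    "ads.example.com",
    'bad"quote.example.org',
    "0.0.0.0",
]

if __name__ == "__main__":
    for mode in ("zero", "nxdomain"):
        print(f"# mode={mode}")
        print("\n".join(render(SAMPLE_FEED, mode)))
```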
#3
Tutorials and FAQs / Install htop process monitor
November 17, 2019, 01:36:44 AM
The classic top process monitor just doesn't cut it for me. I prefer htop, with processor & memory graphs, sorting options (including tree), and commands/keys called out in the UI (see attached).



You can install htop on Opnsense from the FreeBSD ports tree. Note that this takes up a lot of space; 3gb for me (1.2gb for ports, 1.7gb for src). On *Opnsense 21.1.2*, I had to do the following:

Grab the ports tree, plus tools and source to compile from it:
# opnsense-code tools ports src

Switch source to current version:

# cd /usr/src
# git checkout stable/21.1


Install dependencies:

# pkg install autoconf automake libtool


I installed these as part of troubleshooting the htop install process (I tried resolving the build errors), so I'm not sure whether they would be automatically installed if you skip this step. If you try it out, let me know!

Install htop:

# cd /usr/ports/sysutils/htop
# make install clean






2021-02-23 Update: changed make command to "make install clean" and updated source tree for v21.1: "# git checkout stable/21.1". Validated this works for me as of 2021-02-23 on OPNsense 21.1.2.



2022-03-07 Update: After upgrading to OpnSense 22.1, htop was still installed, but would not launch (this is expected due to library version changes). To get htop working again, I had to remove and reinstall it per the following:

Update sources for tools and src repos:
# opnsense-code tools src

Attempt to update ports tree:
# opnsense-code ports
That didn't work for me, dying halfway through with a git error about "invalid distance" "too far back" for one of the objects.

Instead, I uninstalled all previous ports and removed the ports tree under /usr/ports. List installed ports by asking pkg to tell us which installed packages do not come from the OpnSense repository (those that do end with the repo string " OPNsense", so grep -v functions as a logical *not*):
# pkg query --all '%o %R' | grep -v '\ OPNsense$'
sysutils/htop unknown-repository
net/arping unknown-repository


Remove each non-OpnSense-precompiled package, e.g.:
# cd /usr/ports/sysutils/htop && make deinstall && make clean
# cd /usr/ports/net/arping && make deinstall && make clean

Remove the ports tree entirely:
# rm -rf /usr/ports/

Fetch the ports tree anew:
# opnsense-code ports

Switch source to current version:

# cd /usr/src
# git checkout stable/22.1


Install dependencies if needed (if not needed, pkg will just let you know they're already the latest version):

# pkg install autoconf automake libtool


Install htop:

# cd /usr/ports/sysutils/htop
# make install clean


After that, htop is working beautifully again! Thanks OpnSense team!
#4
Chiming in to say this worked for me. I have Unbound running on tcp/udp 53 (bound to static internal LAN address) and BIND running on 53530 (I think bound to the LAN address, but the firewall doesn't allow traffic to it). This is my Unbound custom config:

do-not-query-localhost: no
forward-zone:
    name: "."
    forward-addr: 127.0.0.1@53530


For Outgoing Network Interface, I can only choose from LAN or WAN (not localhost). I have it set to LAN and things are forwarding correctly, LAN clients --> LAN interface @ 53 --> BIND @ 53530 --> outside resolver.