Messages

I think I found my issue in reddit:

"
Please note we had to hotfix the kernel which will not reinstall automatically if you caught the bad version. If you experience panics on 24.7.10 relating to pf(4) please reinstall from the GUI (which includes an automatic reboot) or run "opnsense-update -fk" from the shell followed by a manual reboot. The correct kernel identifies itself as "stable/24.7-n267981-8375762712f" using "uname -v".

A hotfix release was issued as 24.7.10_2:"

I checked uname -v and had the wrong kernel. After doing the above and rebooting it was then correct. Hopefully this fixes the crashes.

Also started having random reboots since last update a couple days ago. Unaure why. Havent caught antthing in the logs yet.

No problems since the update also.

Same bullshit issue just hit me today after being fine for 2 days since the update.

Hi All,

Thanks for reporting the issue. Zenarmor started to recognize syn attacks with version 1.17. The syn attack was causing engine crash in the previous versions. So engine has capable to detect syn attacks, and we thought it could be useful information for the users to check the network. Can you share subscription type to check that it could be low threshold issue please?

I have a home license which I pay monthly.

When you say "we thought it could be useful information for the users to check the network" can you explain what we are supposed to check? Zenarmor has zero visibility into this as far as I can tell so its not clear what you are expecting us to check.

Like to give an example, when my car says 'check oil' I use the dip stick to check how much oil there is. What am I clicking in zenarmor to view the syn attack and associated logs?

I mean if there are no options to set, no thresholds to configure and nothing to view then it doesnt really help much.

Image:

Got an email notification that a Syn flood has been detected.

Only thing is I cant find any settings in zenarmor that relate to syn flood or how to even turn it on or off and no understanding what to actually do about it or check if the alert is reasonable. How can I check anything at all or set anything at all that relates to a syn flood?

Kind regards
P

Thanks that post helped.

On upgrading I had some errors in the firewall log and traffic issues.

I eventually got it working but was unsure what change I made to resolve it, as I made several changes to bring traffic back online. The errors I saw were:

2024-01-31T15:14:44-05:00   Error   firewall   There were error(s) loading the rules: pfctl: DIOCADDRULENV: Argument list too long   
2024-01-31T15:14:44-05:00   Error   firewall   /usr/local/etc/rc.filter_configure: The command '/sbin/pfctl -f /tmp/rules.debug.old' returned exit code '1', the output was 'pfctl: DIOCADDRULENV: Argument list too long'   
2024-01-31T15:14:44-05:00   Error   firewall   /usr/local/etc/rc.filter_configure: The command '/sbin/pfctl -Of /tmp/rules.limits' returned exit code '1', the output was 'pfctl: DIOCSETTIMEOUT pfctl: DIOCSETTIMEOUT pfctl: DIOCSETTIMEOUT pfctl: DIOCSETTIMEOUT pfctl: DIOCSETTIMEOUT'   
2024-01-31T15:13:34-05:00   Error   firewall   There were error(s) loading the rules: pfctl: DIOCADDRULENV: Argument list too long   
2024-01-31T15:13:34-05:00   Error   firewall   /usr/local/etc/rc.filter_configure: The command '/sbin/pfctl -f /tmp/rules.debug.old' returned exit code '1', the output was 'pfctl: DIOCADDRULENV: Argument list too long'   
2024-01-31T15:13:34-05:00   Error   firewall   /usr/local/etc/rc.filter_configure: The command '/sbin/pfctl -Of /tmp/rules.limits' returned exit code '1', the output was 'pfctl: DIOCSETTIMEOUT pfctl: DIOCSETTIMEOUT pfctl: DIOCSETTIMEOUT pfctl: DIOCSETTIMEOUT pfctl: DIOCSETTIMEOUT'   
2024-01-31T15:12:55-05:00   Error   firewall   There were error(s) loading the rules: pfctl: DIOCADDRULENV: Argument list too long


Things I did were delete old disabled gateways not in use, cleared several FW rules, cleared several aliases and other changes like this.

On 24.1, if you click Firmware - Status - Resolve Plugin Conflicts - view and edit local conflicts you get that os-sensei-db (missing).

How can we resolve this?

Kind regards
P

Hi,

The current release does not support the kernel module. However, there is good news - the upcoming release, version 1.16, will include support for the WireGuard kernel module. This new release is planned to be shipped at the beginning of December.

That is great news, thank you!

Hi There,

I would like to use zenarmor with a wireguard interface but I believe this can only be done with the GO implementation. However GO has not been updated since 1.3 and kernel wireguard is now on 2.5. Is the only method to get this working to use this old version of the package that is no longer maintained?

Kind regards
P

In the video referenced that started this post I clearly do not agree with the changes they made and I discuss the challenges of open source in general with a focus on the FreeBSD and if we don't have strong contributors then the downstream ecosystems will suffer from that. 

We all benefit from good discussion on these topics and sharing knowledge so If there are things I am wrong about, let me know.

Thank Lawrence for your input. The OP was not intended to be mean spirited towards you and I agree discussion is good. People will always be passionate so just stay safe and dont take it too personally is all I can say. I was disappointed in what you said which is why I sought clarification here but Im not attacking your character or suggesting that you act in bad faith in any way or anything like that. I like your videos and I encourage people not to get too worked up and stay civil. Your input is appreciated even if it is a perspective not what we expected. In some ways thats even more valuable as we can learn from it :)

Laters
-P

Interesting. Thanks. A lot of us are totally reliant on news like this since we dont follow all the drama as closely.