Messages

After upgrading to the latest version
OPNsense 25.1.9-amd64
FreeBSD 14.2-RELEASE-p3
OpenSSL 3.0.16
In the intrusion detection, the user's customization of the IP address has automatically changed from blocking to warning. The continuous attack I set to block and the scanning of my IP address are all unimpeded.
My God, this problem has happened before, I don't know how many times it will happen.

---------------

The official version can be reproduced as follows:
Copy a rule a in a user-defined rule, and then modify the IP address to be blocked into another rule a. After saving and taking effect, check whether these two rules a and b have changed from the original blocking to warning.

thanks...

The last firmware upgrade (25.1.6_4) fixed it for me.

The last firmware upgrade (25.1.6_4) fixed it for me.

The latest patch on Friday also did not solve the problem.

OPNsense 25.1.6_2-amd64
FreeBSD 14.2-RELEASE-p3
OpenSSL 3.0.16

I just applied the latest patch, but the problem is still not solved:

OPNsense 25.1.6_2-amd64
FreeBSD 14.2-RELEASE-p3
OpenSSL 3.0.16

I wonder if yours has recovered to normal? Or are you still having the same problem as me?

Had the same problem and found this issue/fix. https://github.com/opnsense/core/issues/8550
I applied the patch and I can now read the topmost alert, but nothing else. And there's an open issue describing that bug here: https://github.com/opnsense/core/issues/8569
So looks like they are working on it.

I'm glad to get your reply. It seems that I am still in a long wait.

Versions
OPNsense 25.1.5_5-amd64
FreeBSD 14.2-RELEASE-p2
OpenSSL 3.0.16

Services => Intrusion Detection => administration => Alerts

It is blank and the specific content cannot be viewed.

I woke up to see if there is an update I am looking forward to, 25.1.2... I am really lucky, there is a notification that it is coming.
After reading all the update prompts and making backups, I have to say goodbye to 24.7 (I will miss you), and bravely click the update button. The first step is to update to 25.1, and then to 25.1.2. The process is very smooth, and there are no problems on 3 machines, a Dell, a PVE VM, and a small host the size of a palm.
The login interface has also been updated. After entering the system, there will be a prompt at the top. If a crash is found, send feedback on the crash information, which can be regarded as providing a little insignificant help. After restarting again, the error prompt disappears.
It has been running normally for 2 hours, and everything is normal.
Thanks to the hard work of the developers. Since the launch of 25.1, it can be seen that there are still many feedbacks on problems. The pressure must be great.
I wish you all a happy weekend.

It's a good suggestion, but this problem will not exist forever, and it will be meaningless after it is fixed.
It is a basic rule not to use a large update version in the production environment first. Give the developers time to solve it.
Drink less coffee and sleep more.

It can be seen that there are many problems after the update, and it can also be seen that the official is trying its best to fix various problems. This is just a post of pure thanks and encouragement.
Thank you for a group of people in this online world who are not afraid of difficulties and can be called heroes.
As a user for many years, I can quietly wait for a version with fewer problems, perhaps 25.1.2.
Drink a cup of coffee, wait for 1 month, and then you can deal with other things.
I also admire the users who dare to try new things and report the problems to the official for solution.
24.7 is currently the most stable version. Keep using it, a strong tiger.

I have the same problem. Can you use https://www.binarydefense.com/banlist.txt as an alias? After I did it, I checked that the number of rules loaded was 0. Other rules can be loaded correctly, but this one cannot. It's very strange.

Greetings all,

I have recently installed OPNsense and run into an issue with one URL I am trying to add as an alias, I get the following error:

alias resolve error BLACKLIST_BinaryDefence (error fetching alias url www.binarydefense.com/banlist.txt)
I have also tried:
alias resolve error BLACKLIST_BinaryDefence (error fetching alias url https://www.binarydefense.com/banlist.txt)
alias resolve error BLACKLIST_BinaryDefence (error fetching alias url www.binarydefense.com)

And continue to get the same error.  I can hit the URL from a browser, and I ran fetch https://www.binarydefense.com/banlist.tx from the command line and it worked with no issues. 

I've been playing with this issue for a couple of days and done some searching online, but unable to find a resolution.  Any assistance would be greatly appreciated

Intrusion Detection => Strategy => There are too many entries. Is it possible to have an option of ALL under each category? It is really frustrating to have to choose one by one under each entry. I feel like I am holding a stone to prepare for defense.

Solution    ;D ;D ;D

I have been reported by Maltrail for a lot of dirty IP access and scanning reported by abuseipdb.com. But I don't know how to integrate abuseipdb.com's IP List into opnsense to block these annoying IPs. Is there any good way to do this? :'(

In setup, I cannot change the settings of interfaces. When I clicked set security zone, I added or deleted status (such as WAN), and after confirming, I clicked restart. However, the deleted status settings reappeared. I tried many times but it didn't work.  :P