Messages

Just use an asterisk (*) to specify any domain

Ahh, thank you! This was the missing point. I saw the section but didn't realize asterisk can be used. This solves it then. :)

I just need to wait for the patch to be released.

Just follow the docs.

Thanks for that. That's a one way of doing it and I'll give it a go.
But it would allow for much more flexibility if Dnsmasq hand a configurable option to set upstream (forwarding) DNS servers.

That would allow much cleaner setup: client -> DHCP/DNS Dnsmasq -> DNS Unbound -> upstream ISP/Internet

How do I configure Unbound and Dnsmasq to play along nicely? I don't see option for upstream (forwarding) servers in Dnsmasq? I'm on version 25.1.7_4-amd64.

This option (to set forwarding servers in Dnsmasq) seems to be described in online user manual but does not exist on the above mentioned firmware version.

Basically I'd like to have Dnsmasq for DHCP and DNS for local LANs. Then point Dnsmasq to Unbound for DNS resolutions and DNS blocking.

And I need local unqualified hostnames to be inserted into DNS.

System version: OPNsense 21.1.5-amd64

I have a simple port forward defied with http port on wan side redirected to local server.

When outbound NAT is set to Automatic or Hybrid the port forwarding works fine.
When I manually configure outbound NAT as shown on the picture, port forwarding also works fine.

However, when I change outbound NAT source to ANY (instead of defined RFC1918 subnets), port forwarding stops working! Why is that?

Thank you.

Thanks. I totally missed that

What is the recommended approach to move sensei data (mongo db/logs) to another disk or partition?
Where exactly are the data located on default install?

To explain, I've added 2nd SSD to the opnsense as the system default partition was running out of space and I need to move data.

thanks

Thanks for the update.
Sometimes there are also artefacts left on the screen where AD supposed to be. These behaviour is not really happening on pi-hole for example. ...see attachment

How can I delete Surricata rules? I was playing with various sources and now have 217048 rules on the system, all set to Alert. Just want to delete them all and download only what I need.
Disabling alerting is really PITA as one can do only 1000 rules at a time. I prefer to delete them all and start from scratch.

Same issue here

Code Select Expand

2020-10-21T08:53:20 suricata[52318] [101262] <Critical> -- [ERRCODE: SC_ERR_AHO_CORASICK(174)] - Just ran out of space in the queue. Fatal Error. Exiting. Please file a bug report on this
2020-10-21T08:47:24 suricata[52303] [100253] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode

I don't believe there's any SIP ALG enabled by default. If you want that functionality you'd need to load and configure os-siproxd plugin.

[Type of DNSBL]

I can't find documentation for the Blocklist section, if there is kindly point me to it.

My question is, when I select lists in the Type of DNSBL field do I still need to provide corresponding URLs in URLs of Blacklists field?
Or is URLs of Blacklists just for custom lists?

How often are the lists refreshed?

Is there a way to provide sinkhole for Ad Blocking?
When the Ad Blocking is enabled is causes a longer page loads due to time outs. Is there a way to redirect the ad requests to a sinkhole? ...similar approach that pi-hole and pfBlocker are deploying?

We have dual gateway system. 1st gateway is preferred, 2nd gateway is used only if the 1st one fails.

When the 1st fails and 2nd gateway takes over everything works except internal VoIP ATA is showing "Trying to register" to internat side SIP provider and won't register.
We have to manually flush state table and restart the ATA, then it'll register.

We have kill states on gateway failure enabled as well as dynamic state reset is enabled.

Any pointers to fix the issue appreciated.