"
Solved. It's Suricata. I added a second line (LTE/4G) for backup and included it in Suricata for testing. I haven't removed it from the interfaces.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
25.7, 25.10 Series / Re: CSRF check failed. Your form session may have expired, or you may not have cooki
August 15, 2025, 09:35:25 PM #2
24.7, 24.10 Legacy Series / Re: [NOOB] CSRF check failed. [SOLVED] => ReInstall
August 15, 2025, 09:34:41 PM
Solved. It's Suricata. I added a second line (LTE/4G) for backup and included it in Suricata for testing. I haven't removed it from the interfaces.
#3
25.7, 25.10 Series / Re: CSRF check failed. Your form session may have expired, or you may not have cooki
August 15, 2025, 08:01:25 PM
I have the same problem. I wrote at the end of this post.
I had the problem post upgrade from 25.1 thinking an update had gone wrong. So having to leave for vacation, I installed everything from scratch, clean installation, from thumb drive but now that I am on vacation I can't take action. I realized the problem.
I used default partitioning, I did not make any changes. Is this then a problem with 25.7?
I had the problem post upgrade from 25.1 thinking an update had gone wrong. So having to leave for vacation, I installed everything from scratch, clean installation, from thumb drive but now that I am on vacation I can't take action. I realized the problem.
I used default partitioning, I did not make any changes. Is this then a problem with 25.7?
#4
24.7, 24.10 Legacy Series / Re: [NOOB] CSRF check failed. [SOLVED] => ReInstall
August 15, 2025, 07:51:34 PM
I have the same problem.
Fresh setup. Disk full.
The problem is in /usr folder. The most big folders are:
I don't have touch the partition schema, I have setup opnsense from official iso and restored previous config backup.
Fresh setup. Disk full.
Code Select
root@fwl:/var/log # df -h
Filesystem Size Used Avail Capacity Mounted on
zroot/ROOT/default 1.5G 1.5G 0B 100% /
devfs 1.0K 0B 1.0K 0% /dev
/dev/gpt/efiboot0 260M 1.3M 259M 1% /boot/efi
zroot/home 96K 96K 0B 100% /home
zroot/var/mail 96K 96K 0B 100% /var/mail
zroot 96K 96K 0B 100% /zroot
zroot/usr/ports 96K 96K 0B 100% /usr/ports
zroot/tmp 416K 416K 0B 100% /tmp
zroot/var/audit 96K 96K 0B 100% /var/audit
zroot/var/crash 96K 96K 0B 100% /var/crash
zroot/usr/src 96K 96K 0B 100% /usr/src
zroot/var/log 105G 105G 0B 100% /var/log
zroot/var/tmp 96K 96K 0B 100% /var/tmp
devfs 1.0K 0B 1.0K 0% /var/dhcpd/devThe problem is in /usr folder. The most big folders are:
Code Select
9.0M /usr/local/share/locale
10M /usr/local/share/GeoIP
16M /usr/local/opnsense/www
16M /usr/local/share/man
18M /usr/local/share/icu
23M /usr/local/sbin
25M /usr/local/bin
28M /usr/local/opnsense
41M /usr/local/lib/perl5
45M /usr/local/etc/suricata
48M /usr/local/etc
65M /usr/local/share
99M /usr/local/include/boost
120M /usr/local/include
294M /usr/local/lib/python3.11
459M /usr/local/lib
772M /usr/localI don't have touch the partition schema, I have setup opnsense from official iso and restored previous config backup.
#5
Intrusion Detection and Prevention / Re: IPS in VLAN only environment
May 04, 2023, 11:18:58 AM
Hi I link to this discussion to ask for clarification.
I have OPNsense virtualized on proxmox with a network card with 2 dedicated ports (1 WAN and one for LAN).
I have created VLANs on my LAN, in the interface settings I have Hardware CRC, Hardware TSO, Hardware LRO checked (so all disabled) and VLAN Hardware Filtering disabled.
In IPS I have Promiscuous mode enabled but I am not clear on the Interfaces part. Do I have to select LAN because the VLANs are on this physical interface? Why not select the interface assigned to the VLAN?
Thanks for the clarification
I have OPNsense virtualized on proxmox with a network card with 2 dedicated ports (1 WAN and one for LAN).
I have created VLANs on my LAN, in the interface settings I have Hardware CRC, Hardware TSO, Hardware LRO checked (so all disabled) and VLAN Hardware Filtering disabled.
In IPS I have Promiscuous mode enabled but I am not clear on the Interfaces part. Do I have to select LAN because the VLANs are on this physical interface? Why not select the interface assigned to the VLAN?
Thanks for the clarification
#6
Italian - Italiano / Re: 21.7.4 - ancora problemi di swap e memoria
July 28, 2022, 11:45:23 AM
hai attivo per caso suricata? io avevo lo stesso problema ma fermando e riavviando il servizio la memoria si รจ svuotata.
#7
General Discussion / Re: Blocking single device by IP access to Internet
July 28, 2022, 11:41:26 AM
Hi, I am adding to this post.
i also have the same problem and i have created the rule following what is stated in this post but the machine still navigates.
i am attaching two screenshots.
i also have the same problem and i have created the rule following what is stated in this post but the machine still navigates.
i am attaching two screenshots.
#8
General Discussion / [solved] anydesk and teamviewer are blocked
December 02, 2020, 10:41:36 AM
Hi guys,
I have a problem for a couple of days.
I can no longer access my pc remotely with anydesk or teamviewer.
The firewall rules have not changed.
I have a rule for remote desktop on non-standard port and it works perfectly, while all other connections with anydesk and teamviewer are rejected by the "Default deny rule", but until two days ago everything worked perfectly.
I have active GeoIP and IDS block with automatic rule update, not IPS because I have pppoe connection.
I enclose a screenshot.
Thank you all for your help.
I have a problem for a couple of days.
I can no longer access my pc remotely with anydesk or teamviewer.
The firewall rules have not changed.
I have a rule for remote desktop on non-standard port and it works perfectly, while all other connections with anydesk and teamviewer are rejected by the "Default deny rule", but until two days ago everything worked perfectly.
I have active GeoIP and IDS block with automatic rule update, not IPS because I have pppoe connection.
I enclose a screenshot.
Thank you all for your help.
#9
20.7 Legacy Series / Re: info ids rules and action
November 28, 2020, 02:32:06 PM
Thank you for the clarification
#10
20.7 Legacy Series / info ids rules and action
November 25, 2020, 05:28:03 PM
hello everyone,
I have a question about the IDS system.
I have activated IDS, not IPS because I am in pppoe, and enabled ET xxxx rules, all with drop mode. I receive alerts for these rules but instead of being blocked they are accepted.
I took a sample of which I enclose screenshots:
rule ET COMPROMISED Known Compromised or Hostile Host Traffic group 218 set in drop mode and in the alert the action is "allowed".
shouldn't it be "blocked"?
thanks to all
I have a question about the IDS system.
I have activated IDS, not IPS because I am in pppoe, and enabled ET xxxx rules, all with drop mode. I receive alerts for these rules but instead of being blocked they are accepted.
I took a sample of which I enclose screenshots:
rule ET COMPROMISED Known Compromised or Hostile Host Traffic group 218 set in drop mode and in the alert the action is "allowed".
shouldn't it be "blocked"?
thanks to all
Pages1
