Messages - securityconscious

#1
Quote from: EdwinKM on June 06, 2022, 11:31:02 AM
a firewall rule is permanent. Is this for prevention or are you investigating something?
Malware sessions are from inside to outside (internet). You can block known destinations.

Both prevention and investigation. I suspect they are from inside and I don't know what IP they are connecting to. I'm new to firewalls and OPNsense.
#2
What rules should I make to find short lived connections like ones made by malware?
#4
Quote from: mimugmail on February 17, 2021, 07:17:10 AM
System : Settings : Logging, Disable circular and set the days to preserve logs.

When I go to System>Settings>Logging, I'm unable to see any option for circular.
#5
Quote from: Gauss23 on February 18, 2021, 08:16:53 PM
Quote from: securityconscious on February 17, 2021, 06:18:44 AM
After selecting a mirror a download button will be shown, clicking on the download button is opening the ISO file or IMG file in a new tab instead of allowing me to save it.

Can't reproduce that. Tried with latest Firefox on MacOS. It's not downloading an ISO or IMG. It's a bz2 file. Maybe your browser is not handling that correctly.

I assumed it wasn't compressed, so I thought the file extension is ISO or IMG. How are you doing this? Are you right clicking on the download button and selecting save as or just left clicking on the download button?

I'm getting the same problem even now.
#6
Quote from: Gauss23 on February 17, 2021, 07:44:20 AM
Which browser and version are you using? Which OS?

Please tell us what you select in the dropdowns:
- System architecture
- image type
- mirror

This is something I would at least expect when reporting a possible bug on a website.

Then someone can try to find out why your browser is doing that. I just tried some combinations and it works as expected, download starts.

Firefox latest. Fedora OS

System architecture: amd64
image type: any
mirror: any
#7
Quote from: mimugmail on February 17, 2021, 07:17:10 AM
System : Settings : Logging, Disable circular and set the days to preserve logs.

Okay. Thx
#8
Quote from: Fright on February 17, 2021, 07:42:29 AM
client browser does not respect content-type header.
client-side issue

I don't have this problem on other websites, including firewall download sites.
#9
Is there a way to view older entries in the live view of firewall logs?

I want to be able to see all the connections a client makes from the time it starts till it is shut down. How can I do this? The live view is only showing few connections and older ones are replaced by newer ones.
#10
Quote from: lfirewall1243 on February 15, 2021, 10:45:53 AM
In which context?

We need some more information.

Type opnsense.org in your browser

Click on Download

Select a mirror

After selecting a mirror a download button will be shown, clicking on the download button is opening the ISO file or IMG file in a new tab instead of allowing me to save it.
#11
When I press the download button, instead of allowing me to save the ISO file or IMG file, it is opening a webpage with garbled text, it is completely freezing the browser, I'm assuming it is the contents of the ISO file or IMG file.

To avoid this problem I have to right click on the download button and select something like save this file as to actually save the ISO file or IMG file.
#12
Is there a way to find out what causes random freezing of OPNsense?

A few days ago, there was a disconnection on the WAN side, in the night, OPNsense froze, no clients were on during this time, when I turned on I couldn't access the webUI. I had to hard reset to get it back up.

I was wondering if anyone could have performed a man-in-the-middle attack while there was a disconnection on the WAN side, can I run any integrity checks or view logs? Where can I find system logs if it has been tampered with?

Or should I reinstall the whole thing again?
#13
Quote from: Greelan on January 30, 2021, 06:41:41 AM
If that's your attitude when someone tries to help, good luck with your life. I can see why you were banned from the IPFire forum. Your rule doesn't do what you think it does, but given you seem to know so much about what you are doing, I am sure you will figure it out yourself

I think you wanted to troll me or you have poor reading comprehension.

There is nothing wrong with my attitude, in fact in my opening post I asked what am I doing wrong, do you think I would have asked such a question, if I was sure of myself? You could have answered what I was doing wrong, instead chose to troll me or chose to not apply your mind. Why doesn't my rule do what I think it should?

My opening post says, I blocked every other rule, it implies, the newly created rule is active but other rules are inactive. Yet, you tried to make a thoughtless post, maybe you're a double-agent from IPFire, to defend their dirt, you wanted to troll me here.
#14
Quote from: Greelan on January 30, 2021, 06:31:05 AM
Traffic is blocked by default, so if you disabled all other rules, there is no rule to allow the required traffic

I clearly wrote that I made this rule and disabled every other rule, so shouldn't this rule allow access to the IPs in the alias list?

As this rule is active shouldn't it allow access to the IPs in its alias list?
#15
I created an Alias list of IPs of websites I visit most, in OPT1 interface using this Alias I created a block firewall rule, in the destination portion, I selected invert match and used this alias, I saved this rule and applied. I disabled every other rule, and I tried accessing those sites and I wasn't able to access them, I couldn't ping them also.

What am I doing wrong?

I want to create a list of IPs to which my network has access, my network must not have access to IPs which are not in that list.
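
The reply quoted in #14 (traffic is blocked by default), worked through for the rule described in #15, as an added example that is not part of the original posts: a simplified first-match model of interface rules, not OPNsense code. The alias contents are constructed documentation-range addresses, and the rule dictionaries and function names are hypothetical.

```python
import ipaddress

# Constructed sample alias: documentation-range addresses, not real sites.
ALLOWED_SITES = ["198.51.100.10", "203.0.113.0/28"]


def in_alias(dst, alias):
    """True if dst falls inside any host or network listed in the alias."""
    addr = ipaddress.ip_address(dst)
    return any(addr in ipaddress.ip_network(net) for net in alias)


def evaluate(rules, dst):
    """Assumed model: the first enabled rule that matches decides;
    when nothing matches, the implicit default deny applies."""
    for rule in rules:
        if not rule["enabled"]:
            continue
        hit = in_alias(dst, rule["alias"])
        if rule["invert"]:          # "invert match" on the destination
            hit = not hit
        if hit:
            return rule["action"]
    return "block"                  # default deny: no pass rule matched


# Setup from post #15: one block rule with inverted destination alias,
# every other rule disabled (so there is no pass rule at all).
BLOCK_INVERTED = [
    {"action": "block", "alias": ALLOWED_SITES, "invert": True, "enabled": True},
]

# The same intent written as an allowlist: pass to the alias, and let
# the default deny drop everything else.
PASS_ALIAS = [
    {"action": "pass", "alias": ALLOWED_SITES, "invert": False, "enabled": True},
]

SAMPLE_DESTINATIONS = ("198.51.100.10", "203.0.113.5", "192.0.2.77")


def verdicts(rules):
    """Map each sample destination to the action the rule set yields."""
    return {dst: evaluate(rules, dst) for dst in SAMPLE_DESTINATIONS}


if __name__ == "__main__":
    print("block !alias only:", verdicts(BLOCK_INVERTED))
    print("pass alias only:  ", verdicts(PASS_ALIAS))
```

With only the inverted block rule, destinations inside the alias match no rule and fall through to the default deny, so every destination is blocked; the pass rule is what actually opens the listed IPs.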