Messages

Press "Inspect". It will show the full ruleset for an interface.

Why not via the filter, it's more obvious. It will also not show up in the other interface view.

[rules (new)]

If I assign firewall rule to multiple interfaces it will not show up in the rules (new) for that specific interface but only if all rules is selected as filter.

It would be nice if the rules (new) filter would show rules that will match the filter for the interface . It would be a good alternative for firewall (interface) group.

Feature request?!

+1

I upgraded Zenarmor to version 1.18 on OPNSense version 24.7.7 today.

I noticed that the idle CPU load in my case went up from 7% to 11%. Do more people notice some increase? It looks also a bit slower but that's difficult to pinpoint.

(EDIT) CPU dropped back to normal. Maybe some background traffic and/or Zearmor housekeeping on the box. This post may be deleted.

Sory Franco, my fault.

I mean get_interfaces_info() and I have corrected my previous reaction.

Thank for all the good (OPNsense) work. Great product.

I fixed the script temporary fixed by copying the get_interfaces_info() ifunction from interfaces.inc (OPNsense 23.7.12_5-amd64) to the custom script. Up to the script owner to change it to work with the new 24.1 functions.

--------------

<?php
require_once("config.inc");
require_once("interfaces.inc");
require_once("plugins.inc.d/dpinger.inc");
require_once("util.inc");

# Added function get_interface_info. Function was removed from interfaces.in in OPNsense version 24.1
function get_interfaces_info($include_unlinked = false)
{
    global $config;
    ....
 

[get_interfaces_info()]

I am using the Grafana OPNsense dashboard from bsmithio that stopped working after upgrading to 24.1

One of the custom (Telegraf) scripts (telegraf_pfifgw.php) does not work because it cannot find the function get_interfaces_info() in the php file functions.inc

Is this function (and others?) removed in version 24.1 and wich function in interfaces.inc does replace this functionality 1 to 1?

Thanks in advance

I have the same issue after upgrading to 24.1.

The Egress connection to Internet work for a couple of minutes when starting the firewall. After this period the traffic to outside stops. After disabling IPS (suricata) the connections are restored. In my case IPS is enabled on the WAN interface.

I have changed my custom file with the help with this post. Now it looks stable for a couple of minutes.

https://forum.opnsense.org/index.php?topic=35130.msg

The 1.14.1 does fix the 'Network error' after upgrading' for me.

After installing version 1.14.1 the two issues I mentioned are solved.

New issue (I think) - I have selected 4 interfaces to protect. The Traffic Graph (Throughput) in the dashboard view does not show any volume/packets graphs. With the upgrade to 1.14 the graphs where visible (2 interfaces), with 1.14.1 no graphs after a couple of minutes.

I upgraded Zenarmor from 1.13 to 1.14. After that the Zenarmor dashboard gave me network errors, but I can bypass that issue by connection to the management IP-address in stead of FQDN

The issue that I facing now is that I cannot select multiple interfaces to protect in the global Zenarmor configuration. After selecting multiple interfaces (and define security zone), then I press apply, Zenarmor confirms the change, but after reloading the page only one interfaces is selected. In the dasboard view two interfaces are shown in the graph as enabled, but they are different from the global config. I am using the default policy.

I some case I was able to select 2 but never more then 3.

I have the same issue with network error when viewing the dashboard. Workaround was to reach the firewall (dashboard) via IP-address instead of FQDN.

Second issue is that I can only select one interface to protect in the settings > configuration. If I select three interfaces only one will be selected after applying the configuration. In the dashboard and live view more interfaces are shown.

Hi Steve,

In my opinion Pi-Hole and Zenarmor are complementary to each other because it's not to be expected that both systems are using the same blocklists.

Important to mention that Pi-Hole blocks on DNS name and Zenarmor can block on more criteria like web category or type of application.

[Block Botnet DGA Domains]

I am running the latest version v1.3 and the feature Block Botnet DGA Domains and Block DNS Tunnelingis showing (Coming soon).

When will those features become available ?

Can conform that 22.7.7_1 fixed the issue also at my side.

Thank you very much.