Messages - r111

#1
I'm having the same problem: domains on the whitelist are still blocked. For example, the domain api.qustodio.com is blocked by the Hagezi Pro++ list, and it remains blocked when I add this exact domain to my whitelist. I'm running OPNsense 25.1.3-amd64.

Edit: I found a solution, or at least a workaround, on Reddit:

https://www.reddit.com/r/opnsense/comments/1e5tj5g/unbound_dns_blocklist_whitelisted_domains_not/

Instead of whitelisting api.qustodio.com I whitelisted (^|.*\.)api.qustodio.com$ and flushed the cache.

#2
This is now resolved.

After experimenting around I tried subscribing to Snort and loading their rules instead. Those wouldn't load either. This suggested to me that it was not a problem with a particular ruleset or source of rulesets. In the end what helped was to go to the Download tab, check all the rulesets I had enabled and choose "Disable selected". I did this and many more rulesets suddenly showed up in the Download list, including both ET Telemetry and Snort rules. I selected some, then pressed "Save" and "Download & Update Rules", and now I have more rules than I know what to do with.

I guess something had become corrupted in the list of available rulesets. Disabling all of them seemed to fix that so I could start again.

#3
I'm trying to get the ET Pro Telemetry rules to load. I have enabled Intrusion Detection, IPS mode, Promiscuous mode, Hyperscan, and chosen the LAN and WAN interfaces (I understand this is how to do it when VLANs are in use). I have installed the os-etpro-telemetry plugin and entered my et_telemetry.token. Under "Download" I have selected all of the ET telemetry rules and enabled them.

When I press "Download & Update Rules" it spins for a bit and then stops. No rules appear under the Rules tab. The Suricata log file (Services > Intrusion Detection > Log File) shows this:

2021-07-07T10:46:34   suricata[83728]   [100170] <Notice> -- rule reload complete   
2021-07-07T10:46:34   suricata[83728]   [100170] <Warning> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 7 rule files specified, but no rule was loaded at all!   
2021-07-07T10:46:34   suricata[83728]   [100170] <Notice> -- rule reload starting


The system log (System > Log Files > General) shows the following:

2021-07-07T10:46:34   /rule-updater.py[4309]   version response for https://opnsense.emergingthreats.net/api/v1/ruleset/version : {"ruleset": "opnsense-rules.tar.gz", "version": "9790"}

So it looks like it's downloading something, but Suricata is not receiving any rules. Can anyone help me figure out what's going on here? Thanks.