Messages

As the title suggests, zenamor is reporting over 70,000 live connections.

Displaying 200 of about 72,030 results

Is this possible?

There is an anti-lockout rule in the automatically generated rules. It can be disabled via "Firewall: Settings: Advanced" - but be careful not to lock yourself out.

Thanks, I thought it might be the anti lockout rule but couldnt disable.

I will disable on all except the LAN interface.

Thanks

So, I am really struggling with this.

I have 3 LAN interfaces, I am simple trying to block traffic between all of them. But it doesn't appear to be that simple.

On interface LAN, I am putting the following rules

BLOCK source ALL to destination LAN2 net ALL SERVICES
BLOCK source ALL to destination LAN3 net ALL SERVICES

I am doing the same on all interfaces for the respective networks. This seems to stop ICMP traffic, however I can still hit the router login page at the LAN2 and LAN3 gateway address from LAN1, so clearly for some reason this is not blocking HTTP/HTTPS traffic.

What am I missing here?

Thanks

Ok I dont know why this is so hard,

But I am trying to block traffic between 3 LAN interfaces. I have 3 interfaces setup, LAN1, LAN2 and LAN3. From LAN1, I can reach LAN2 and LAN3.

I have created a firewall rule on LAN1 to BLOCK from ANY OUT to LAN2Net and LAN3Net, this did not work. I also created a rule to BLOCK from ANY to single host or network and specified the network 192.168.2.0/24.

This also did not work; rule is positioned above any allow rules.

Any ideas what I am doing wrong here?

Sorry I cannot seem to expand it, It has a arrow to the right labelled Go To Page but that does not do anything.

Yes, I know.

i originally was testing without IF but also it was not working.

I have directly copied and pasted the config from above.

Yea this looks like exactly what I have,

However, this still does not work for me. I get the following error in the monit logs.

Code Select Expand

2024-12-12T09:11:33 Error monit 'New_Firewall_Access_Detected' content match:

Any more ideas?

So, I am trying to use Monit to monitor for Failed and Successful login attempts. I am not sure why but I cannot get this to work.

Any ideas why this would not be working?

This is what I have,

Thanks

The only way i've managed to make this work is to add a gateway,

So I have the following,

Interface >> Static IP >> Gateway
Gateway

This takes up 2 ip address, one for the interface and one for the Gateway. This seems wrong but I have confirmed that this works.

So i've looked everywhere, and it seems everyone keeps mentioning firewall rules,

But I cannot access a network on a different interface. The interface has a static IP address and I have set firewall rules to allow ANY to ANY for testing on both interfaces. Still I cannot ping between my LAN interface and the other interface.

If I ping a host on the other interface (other interface being not my main LAN interface) directly from OPNsense, I get replied and 0% loss.

Any ideas? Thanks

Ok thanks,

and this is done with

Code Select Expand

opnsense-code ports

Correct?

I'm just curious as they are always out of date, for example, ntopng.

Who is responsible for the package updates for plugins? Is this OPN sense directly or community?

Thanks

Bugger, sorted.

I hadn't created the vlan on the switch.

Also, I'm curious as i've never had ths problem, but the VLAN in question is not listed in "Vlans allowed and active in management domain" and "vlans in spanning tree forwarding state and not pruned"

Not sure if this is related.

The vlan in question here is 10.

Also just to add,

This is a trunk, there is more then one VLAN trunked to OPN.

I just did a packet capture on my main LAN interface, and I can see traffic fine via the capture,

However still on the other VLAN, I see absolutely no packets.