Messages - newman87

#1
Hi, thanks for the answer.
Actually, what you mention is for the Web UI of Opnsense; I have already used it.
My question has to do with the network part: how to prevent someone from using the command line to log in to the router, so that they do NOT continue to the rest of the network. I hope this is clear.
#2
Hi,
I would like to ask how it is possible to prevent someone from logging in to the opnsense router, even better using a tool for 2-factor authentication, for even better protection.
Thanks
#3
Hi,
How is it possible to enable multi-factor authentication with OPNSense for logging in to the network?
Thanks
#4
General Discussion / Cannot access a specific website
February 28, 2022, 07:35:30 PM
Hello,
When using the OPNSense firewall, I have not been able to access this website for a month or so: dev.to
I don't have the same issue with other sites; I can access everything else on the internet.
How can this be related to OPNSense? What could the issue be?
Thanks
#5
Hi,
I would like to ask if AI/machine learning will be included in OPNSense sooner or later.
I read that there have been some efforts from an OPNSense fork called OPNids etc.
So, are there any intentions to include such things in OPNSense?
Cheers
#6
Hi,
I would like to add authentication or other protective measures at the gate of my router, i.e. WAN.
What should I use for this?
Thanks
#7
Will Suricata detect and then block a reverse shell connection? As far as I can see, Suricata only alerts for bad traffic; you need to manually block bad traffic and then Suricata will block the same traffic. Is there any way to automatically block first-seen bad traffic?
Cheers
#8
Hi,
My question is: in case I am infected with a reverse shell connection, e.g. Meterpreter from Metasploit, is there any way to block this using OPNSense? (Without using Suricata for detection and prevention.)
I read that Meterpreter can escape firewalls, proxy servers etc. So, is it possible to block it? How?
Thanks
#9
Quote: Firewall is set by default to block incoming traffic on the WAN interface.

This is true, WAN has no firewall rules, so it means all traffic is blocked. However, how do my devices, connected to the OPNSense router, surf the web?
Thanks
#10
Quote: The picture shows PC1 is on WIFI network. I am not sure what those really mean. Also, is the OPNSense connected to the other router with NAT/WAN port?

Do you have any routing configured?

The WAN port of the OPNSense router is connected to a LAN port of Router 1. I have configured nothing at all for this, just inserted the ethernet cable connecting the 2 routers.
#11
Hello, thanks for the reply. I added a firewall rule with (see image attached):
Interface: WIFI
Direction: In
Protocol: Any
Source: Any
Source port: Any
Destination: WIFI Net
Destination port: Any

Is this correct? How can I test it (on Linux)? Is there something more I can do to protect my PC from routing from untrusted PCs?
Thanks

#12
Hi, I want to block traffic to/isolate my PC1 from untrusted PCs (PC2 and PC3) on the network. See the attached image of the network topology.
So, I have 2 routers: one commercial router (Router 1) and one OPNSense router. The OPNSense router is behind Router 1.
PC1 is connected to the OPNSense router. The UNTRUSTED computers PC2 and PC3 are connected to Router 1. My question is, how to block traffic from PC1 to untrusted PC2 and PC3 and vice versa? (PC1 should have only traffic from the internet.)
What firewall rules should I use for this, or other technologies (like Captive Portal, Web proxy etc.)?
Thanks in advance
#13
Hi again,

Quote: What is your goal with redirecting/blocking DNS?
Actually I wanted to prevent DNS tunneling, that's why I redirected all DNS requests to Opnsense.

Quote: Also why are there two allow-all rules below your last "Deny all traffic" rule? They will probably never match...
These two rules were the default rules when I received the router with Opnsense preinstalled. I will remove them; as you said, they will never match.

I am new to network security and Opnsense, that's why I don't understand them so well. But I will read tutorials, as you suggested, and watch videos to learn network security, primarily to protect my network.

Thanks again for your advice and your time.
All the best
#14
Quote: Do you actually want to allow traffic from the internet towards your firewall on these ports, or is your goal just to let LAN devices out? If it's the latter, then you should remove the rules from your WAN interface, they're not doing what you think they're doing.
Actually my goal is to let devices from the WIFI interface out, i.e. surfing the internet. So I added the rules on the WIFI interface. I also removed all rules from the WAN, as you suggested. Also, I don't use the LAN interface, so I am not adding any rules there, just the defaults. You can see the rules of my interfaces in the attached images.

Quote: Please post a screenshot of all rules on all interfaces, plus some additional info on your DHCP and DNS (Unbound) settings. There could be many reasons
I have removed the Allow DNS rule for security reasons (as I read). So I followed this guide to redirect DNS queries on my OPNSense DNS router.
https://forum.opnsense.org/index.php?topic=9245.0
Should I also apply a Block rule for external DNS servers, according to this tutorial?
https://www.sunnyvalley.io/docs/network-security-tutorials/how-to-configure-opnsense-firewall-rules#opnsense-firewall-rules-examples
Hm, when I disable the "Redirect DNS to local rule" on the WIFI interface, I can still surf the web. What can be wrong?


Thanks again for your help

#15
Thanks for the reply, I got it working now by setting ports on destination.
I also added these rules on LAN.
One more question: should I create, e.g. for the HTTPS traffic, 2 rules, one with Direction "In" and one with Direction "Out", so that I do both Ingress (incoming) and Egress (outgoing) filtering?
I read that since Opnsense is a stateful firewall, you can only write one rule and it applies to both directions. Is this correct?

Also, when I disable the Allow DNS rule, I can visit any site, so the DNS Allow rule seems of no use. What could be the issue?
Thanks