Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - armdn

Pages1

25.1, 25.4 Production Series / Re: CrowdSec Starting and Stopping

March 29, 2025, 11:11:05 AM

I have the same problem.

Mine logs the same:
level=error msg="Failed to load bucket ls111/opnsense_naxsi_waf_event: invalid bucket from /usr/local/etc/crowdsec/scenarios/scenario.yaml: filter is not allowed for IP scope"
level=fatal msg="crowdsec init: while loading scenarios: scenario loading failed: loading of ls111/opnsense_naxsi_waf_event failed: invalid bucket from /usr/local/etc/crowdsec/scenarios/scenario.yaml: filter is not allowed for IP scope"

It seems this is the old config from ls111 (github) for NAXSI WAF integration.

Intrusion Detection and Prevention / Re: After upgrading to 23.1.1, my OPNsense no longer works if suricata is activated

February 28, 2023, 08:32:02 AM

Same trouble. But more than that - i lost access to web ui and ssh!

22.7 Legacy Series / Re: after 22.7.9 update the gateway suddenly dies after 1 day or so

December 05, 2022, 08:55:59 AM

Same problem here. And what im found:
1) It is clearly IPS mode when enabled, it drops all outbound traffic on WAN, but inbound traffic is still go;
2) If disable IPS mode - then everything is goes as expected.

So Suricata 6.0.9 IPS mode starts killing whole traffic from inside to outside.

Pages1