Messages - lawful_milieu

#1
Thanks for the tip.

It isn't a "real" WAN interface but thanks to your comment I did notice that all the devices appearing were from that interface. I've disabled it there now.
#2
The new "Devices" feature is detecting and scanning devices on the internet, like 8.8.8.8 and security.debian.org. What might be causing this? Is there a way to configure the scanning to only detect devices on RFC 1918?
#3
I am using Google Translate:
I have the same issue. My crowdsec-firewall-bouncer log appears similar to yours. I just uninstalled the plugin - it is not much use to me.
#4
+1

I am noticing the same thing after upgrading to ZenArmor Engine 1.14.2 on OPNsense 23.7.1_3-amd64.

I expect some devices to inherit the default policy and they are getting the policy which is assigned to a separate VLAN tag and IPv4 subnet.

I tried limiting the policies to the IPv4 subnet used on the VLAN as I was previously just using the VLAN tag - this did not change the behavior.

One thing I've noticed is the order in which the policies are listed (/ui/zenarmor/#/0/policies - drag and drop) seems to affect which (wrong) policy is applied.
#5
Try turning off Unbound statistics/logging if you have them enabled:
https://forum.opnsense.org/index.php?topic=32331.msg156261#msg156261

I've disabled it and my CPU appears to have returned to normal after a reboot.
#6
I enabled the new Unbound DNS reporting feature after upgrading to 23.1.

Reporting > Settings > Unbound DNS reporting

I'll try turning that off.

PID USERNAME    THR PRI NICE   SIZE    RES STATE    C   TIME    WCPU COMMAND
51774 root         11 103    0   203M   128M CPU1     1 856:40  97.98% python3.9
99856 root          1  86    0    48M    36M CPU2     2 145:03  97.47% python3.9

~ # ps awwux| grep python
root          51774 333.6  1.6  208244  131132  -  R    13:45    856:41.37 /usr/local/bin/python3 /usr/local/opnsense/scripts/unbound/logger.py (python3.9)
root          99856  51.3  0.4   49248   36776  -  Rs   13:02    145:04.14 /usr/local/bin/python3 /usr/local/opnsense/scripts/netflow/flowd_aggregate.py (python3.9)


Update: Appears to have resolved the high CPU issue for me after checking a few hours later.
#7
22.7 Legacy Series / IPv6 DNS Rebind Protection
December 14, 2022, 10:10:13 PM
Hi OPNsense forum, I am new here, and new to IPv6 and networking in general.

Do I need to manually define my allocated IPv6 range xxxx:xxxx:xxxx::/48 in Unbound DNS / Advanced / Rebind protection networks for DNS rebind protection to function correctly for my IPv6 "private" address space?

I am using DHCPv6 with the option set in Unbound to register DHCP static mappings.

Regards