Messages

1

Zenarmor (Sensei) / Re: Zenarmor 1.16 detecting/scanning "devices" on the internet

« on: December 21, 2023, 06:31:55 am »

Thanks for the tip.

It isn't a "real" WAN interface but thanks to your comment I did notice that all the devices appearing were from that interface. I've disabled it there now.

2

Zenarmor (Sensei) / Zenarmor 1.16 detecting/scanning "devices" on the internet

« on: December 21, 2023, 01:26:33 am »

The new "Devices" feature is detecting and scanning devices on the internet, like 8.8.8.8 and security.debian.org. What might be causing this? Is there a way to configure the scanning to only detect devices on RFC 1918?

3

German - Deutsch / Re: Crowdsec Firewallbouncer läuft nicht

« on: September 09, 2023, 07:00:18 am »

I am using google translate:
I have the same issue. My crowdsec-firewall-bouncer log appears similar to yours. I just uninstalled the plugin - it is not much use to me.

Ich nutze Google Translate:
Ich habe das gleiche Problem. Mein Crowdsec-Firewall-Bouncer-Protokoll ähnelt Ihrem. Ich habe das Plugin gerade deinstalliert – es nützt mir nicht viel.

4

Zenarmor (Sensei) / Re: New Zenarmor Release does weird things

« on: August 16, 2023, 02:39:54 am »

+1

I am noticing the same thing after upgrading to ZenArmor Engine 1.14.2 on OPNsense 23.7.1_3-amd64.

I expect some devices to inherit the default policy and they are getting the policy which is assigned to a separate VLAN tag and IPv4 subnet.

I tried limiting the policies to the IPv4 subnet used on the VLAN as I was previously just using the VLAN tag - this did not change the behavior.

One thing I've noticed is the order in which the policies are listed (/ui/zenarmor/#/0/policies - drag and drop) seems to affect which (wrong) policy is applied.

5

23.1 Legacy Series / Re: Surricata causing 100% CPU load after upgrade on 23.1

« on: February 06, 2023, 04:43:18 am »

Try turning off Unbound statistics/loggin if you have them enabled:
https://forum.opnsense.org/index.php?topic=32331.msg156261#msg156261

I've disabled it and my CPU appears to have returned to normal after a reboot.

6

23.1 Legacy Series / Re: python3.9 generates high CPU load and kills Wireguard

« on: February 05, 2023, 07:37:25 pm »

I enabled the new Unbound DNS reporting feature after upgrading to 23.1.

Reporting > Settings > Unbound DNS reporting

I'll try turning that off.

Code: [Select]

PID USERNAME    THR PRI NICE   SIZE    RES STATE    C   TIME    WCPU COMMAND
51774 root         11 103    0   203M   128M CPU1     1 856:40  97.98% python3.9
99856 root          1  86    0    48M    36M CPU2     2 145:03  97.47% python3.9

~ # ps awwux| grep python
root          51774 333.6  1.6  208244  131132  -  R    13:45    856:41.37 /usr/local/bin/python3 /usr/local/opnsense/scripts/unbound/logger.py (python3.9)
root          99856  51.3  0.4   49248   36776  -  Rs   13:02    145:04.14 /usr/local/bin/python3 /usr/local/opnsense/scripts/netflow/flowd_aggregate.py (python3.9)

Update: Appears to have resolved the high CPU issue for me after checking a few hours later.

7

22.7 Legacy Series / IPv6 DNS Rebind Protection

« on: December 14, 2022, 10:10:13 pm »

Hi OPNsense forum, I am new here, and new to IPv6 and networking in general.

Do I need to manually define my allocated IPv6 range xxxx:xxxx:xxxx::/48 in Unbound DNS / Advanced / Rebind protection networks for DNS rebind protection to function correctly for my IPv6 "private" address space?

I am using DHCPv6 with the option set in Unbound to register DHCP static mappings.

Regards