Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - dan786

#1
Comcast and cox is not in my  intermediate area.  Used have dsl but that shifted to cell service and supposedly  fiber in there . Spectrum mainly what it is here. I have noticed with certain rounters they seem to accept igmp from wan  like the flint2 rounters. My network on the small size like yours and i dont have anything that requires that.   
#2
I have the same thing  past week isp did network upgrades.  I'm not familair with the igmp protocall. It is in the bogons list so i assumed it should always be blocked   
#3
General Discussion / Re: Crowdsec Observations
June 09, 2026, 07:00:33 PM
I have seen what your talking about in past 3-4 years off and on useage of crowdsec. For home use i like the idea of it but has a bar that must be reach interms of understanding to install it. Anyways the biggest issues i have found with it first is the table it uses starts at like 60k but after few days or week it drops to 8k. I have tried fresh installs and same thing. Secondly  when i have adjusted the default ban from 4hrs to say 48 hrs it keeps defaulting back to 4. Third i have found some ip's dont get added to it list  few days after  they stopped being logged by opnsense like it delayed or somereason.   
#4
My initial impression of the app so far is positive ill highly the few things. i really like the simplicity of the install kind of reminds me on Maltrail . The lightweights witch good for those who are not running like a r620 or equivalent for home use. So far no stability issues on net that is around 500mb down. over all for home use i feel it better then Crowedsec and Suricata/snort . I have used most of them snort , Suricata , Crowdsec , Matrail and Zenarmor. if you want me compare them Qfeeds is by far the lightest and simplest compared to those.   I do have a few questions not sure if they been said . Will there be asn look up or any way to look up and get info on the particular address? second is for the updates is that a hardlimit 7days i feel that should be 3-4days just my opinion. I do realize the opnsense logging dictates what the addon can do.   
#5
I'm interested in trying it . Does it use the logs in any form for how it works ?
#6
I had the same issue but was on 25.1.8 since i reverted from the latest . I have noticed over the past 2 updates dns issues.  I think it a unbound issue not sure  that's why i reverted 
#7
Did you check for 25.1.4_1 there was a hotfix for the widget and it fixed the live view . I had the same issue before the hotfix
#8
First for most what kind of hardware are you running? Have you tried the ken steele version or the less memory one . To my knowledge hyperscan  requires allot memory to run correctly. can you post the errors ?
#9
There isn't many list that can do ipv6 . I have used Blocklist de and Dan.me.uk tor lists the other is the matrail scanner list that i'm aware of. But there crowdsec witch kind like a blocklist. I had the same question when i was trying pfsense.   
#10
25.1, 25.4 Legacy Series / Re: revert back to 24.7.12
February 05, 2025, 05:16:57 PM
Quote from: julsssark on February 05, 2025, 04:59:12 PMYou are probably doing this, but just in case, are you enabling the logging in each of your manual firewall rules?

As far as reverting, did you set a Snapshot before the upgrade? I'm guessing not, but that feature makes for easy rollbacks.

Yes do i enable it. I did a fresh install of opnsense just wanted make sure zen wasn't causing issues since there was some netmap notice
on 24.1-24.7 both  reports fine but 25.1 doesn't log either rule it almost seems like 3rules it will allow  reporting in the logs but more then that doesn't
#11
Quote from: svheel on February 04, 2025, 06:57:55 PMI created the rules manually on the WAN interface and indeed, now it works, traffic from the banned IP's is blocked by the firewall.
Also I see the same as 'dinguz' when using the 'Inspect' (or eye) function in the firewall rules: Both automatically generated IPv4 and IPv6 rules have 'N/A' on all inspect columns, so I assume something is not right with those rules (all other rules have numbers there).

I'm not sure what you mean 'dan786' with manual rules not reporting right, maybe you need to turn on logging for those rules? (click on the 'i' icon in the rules list to enable logging, default is disabled).
I have been using Opnsense few years now never seen that issue before no i had the logging enabled but still wouldn't work right. there a patch or something that coming to address that . I'm not sure why maltrail did that.
#12
25.1, 25.4 Legacy Series / Re: revert back to 24.7.12
February 05, 2025, 03:33:33 PM
Quote from: julsssark on February 04, 2025, 06:42:50 PMAssuming you mean the bug where CrowdSec is not blocking traffic, there is a command line fix available now:

https://github.com/opnsense/plugins/issues/4511#issuecomment-2634071748

That was part but i noticed when i make regular rules with blocklist de and greensnow there not being reported nor nothing in the logs about errors 
#13
25.1, 25.4 Legacy Series / revert back to 24.7.12
February 04, 2025, 06:01:16 PM
Is there a way to go back to the prior versions since 25.1 has reporting issues with crowdsec. I have noticed the revert command has an error 

root@OPNsense:~ # opnsense-revert -r 24.7.10 opnsense
Fetching opnsense.pkg: ..[fetch: https://pkg.opnsense.org/FreeBSD:14:amd64/25.1/MINT/24.7.10/latest/Latest/opnsense.pkg.sig: Not Found] failed

root@OPNsense:~ # opnsense-revert -r 24.7.12 opnsense
Fetching opnsense.pkg: ..[fetch: https://pkg.opnsense.org/FreeBSD:14:amd64/25.1/MINT/24.7.12/latest/Latest/opnsense.pkg.sig: Not Found] failed
#14
I have the same issue even manual rule making it does not report right but also noticed Matrail does similar not reporting
#15
Is it required to run raid ?  I have a r620  that has the other card but i disabled it so not using raid. Is it only on the one server or all them does it ?  With out opnsense installed have you tried linux just see if that installs ?