Messages

My initial impression of the app so far is positive ill highly the few things. i really like the simplicity of the install kind of reminds me on Maltrail . The lightweights witch good for those who are not running like a r620 or equivalent for home use. So far no stability issues on net that is around 500mb down. over all for home use i feel it better then Crowedsec and Suricata/snort . I have used most of them snort , Suricata , Crowdsec , Matrail and Zenarmor. if you want me compare them Qfeeds is by far the lightest and simplest compared to those.   I do have a few questions not sure if they been said . Will there be asn look up or any way to look up and get info on the particular address? second is for the updates is that a hardlimit 7days i feel that should be 3-4days just my opinion. I do realize the opnsense logging dictates what the addon can do.   

I'm interested in trying it . Does it use the logs in any form for how it works ?

I had the same issue but was on 25.1.8 since i reverted from the latest . I have noticed over the past 2 updates dns issues.  I think it a unbound issue not sure  that's why i reverted 

Did you check for 25.1.4_1 there was a hotfix for the widget and it fixed the live view . I had the same issue before the hotfix

First for most what kind of hardware are you running? Have you tried the ken steele version or the less memory one . To my knowledge hyperscan  requires allot memory to run correctly. can you post the errors ?

There isn't many list that can do ipv6 . I have used Blocklist de and Dan.me.uk tor lists the other is the matrail scanner list that i'm aware of. But there crowdsec witch kind like a blocklist. I had the same question when i was trying pfsense.   

You are probably doing this, but just in case, are you enabling the logging in each of your manual firewall rules?

As far as reverting, did you set a Snapshot before the upgrade? I'm guessing not, but that feature makes for easy rollbacks.

Yes do i enable it. I did a fresh install of opnsense just wanted make sure zen wasn't causing issues since there was some netmap notice
on 24.1-24.7 both  reports fine but 25.1 doesn't log either rule it almost seems like 3rules it will allow  reporting in the logs but more then that doesn't

I created the rules manually on the WAN interface and indeed, now it works, traffic from the banned IP's is blocked by the firewall.
Also I see the same as 'dinguz' when using the 'Inspect' (or eye) function in the firewall rules: Both automatically generated IPv4 and IPv6 rules have 'N/A' on all inspect columns, so I assume something is not right with those rules (all other rules have numbers there).

I'm not sure what you mean 'dan786' with manual rules not reporting right, maybe you need to turn on logging for those rules? (click on the 'i' icon in the rules list to enable logging, default is disabled).

I have been using Opnsense few years now never seen that issue before no i had the logging enabled but still wouldn't work right. there a patch or something that coming to address that . I'm not sure why maltrail did that.

Assuming you mean the bug where CrowdSec is not blocking traffic, there is a command line fix available now:

https://github.com/opnsense/plugins/issues/4511#issuecomment-2634071748

That was part but i noticed when i make regular rules with blocklist de and greensnow there not being reported nor nothing in the logs about errors 

Is there a way to go back to the prior versions since 25.1 has reporting issues with crowdsec. I have noticed the revert command has an error 

root@OPNsense:~ # opnsense-revert -r 24.7.10 opnsense
Fetching opnsense.pkg: ..[fetch: https://pkg.opnsense.org/FreeBSD:14:amd64/25.1/MINT/24.7.10/latest/Latest/opnsense.pkg.sig: Not Found] failed

root@OPNsense:~ # opnsense-revert -r 24.7.12 opnsense
Fetching opnsense.pkg: ..[fetch: https://pkg.opnsense.org/FreeBSD:14:amd64/25.1/MINT/24.7.12/latest/Latest/opnsense.pkg.sig: Not Found] failed

I have the same issue even manual rule making it does not report right but also noticed Matrail does similar not reporting

Is it required to run raid ?  I have a r620  that has the other card but i disabled it so not using raid. Is it only on the one server or all them does it ?  With out opnsense installed have you tried linux just see if that installs ?

Is the cloud management required to be installed . When i tried to installed Zenarmor on rc2 24.7 it did the initial set up but said some about the cloud node being down. That was with the SQlite while mono works on 24.1.10 . I remember vaguely  few months ago there was a post about something changed an it was required to have it installed.

Did something change in the 24.1 series to where  the default log  block settings in the  system- settings logging is gone ? I have tried multiple times  clean install and still missing . All i see is enable local logging , max preserved files and max size.

/usr/local/opnsense/mvc/app/library/OPNsense/Core/Backend.php:169: stream_get_contents(): Argument #1 ($stream) must be of type resource, null given

every update and plugin install that shows up and it a fresh install of opnsense