Messages - zyghom

#1
Thank you for the script
I just realised that the path changed while backup plugin got incorporated
#2
23.7 Legacy Series / Re: Upgraded to 23.7. Wow.
August 18, 2023, 07:13:38 AM
just to report: the upgrade from 23.1 to "OPNsense 23.7.1_3-amd64" went completely flawlessly - yes, I almost stopped breathing for some time, but it simply took around 5-10 minutes (I don't remember exactly).
That was done on one dedicated machine:
Intel(R) Celeron(R) J4125 CPU @ 2.00GHz (4 cores, 4 threads)
2x 250GB SSD in raid
16GB RAM
4x 2.5Gbps NICs

thank you all for the great job
#3
General Discussion / Re: Time of Day Restrictions
May 23, 2023, 09:21:16 PM
Quote from: BeNe on April 13, 2018, 09:58:21 AM
You can create schedules under Firewall -> Settings -> Schedules and set your needed time.
Then create a Firewall Rule and select the created Schedules.

Best is maybe to set the time the internet should be blocked and create a deny rule on top.
You can register the MAC in the DHCP server and assign a static IP. So you can create the rule only for the single device via the IP address.

It works like a charm, but try to set up "every day, between 20:00 and 08:00 the next day" - that is kind of impossible:
1- every day has to be marked separately
2- the hours have to be split into:
20:00-23:59
00:00-08:00

very very inconvenient
but it works
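Added example (not from the thread and not OPNsense's own code) of the split the post describes: a schedule entry is one HH:MM-HH:MM range per selected weekday and cannot cross midnight, so "20:00 to 08:00" becomes "20:00-23:59" plus "00:00-08:00". The function names, the weekday numbering and the inclusive-minute matching are assumptions of this model; the one thing worth noticing is that the after-midnight half belongs to the *following* weekday, which matters as soon as fewer than all seven days are selected.

```python
"""Model of an OPNsense-style firewall schedule (constructed example)."""
from datetime import datetime, time

# ISO weekday numbers: 1 = Monday ... 7 = Sunday
EVERY_DAY = {1, 2, 3, 4, 5, 6, 7}


def parse_hhmm(s):
    h, m = s.split(":")
    return time(int(h), int(m))


def split_range(start, end):
    """Return the one or two HH:MM-HH:MM ranges the UI needs for start..end.
    A range whose end is not after its start is taken to cross midnight and
    is split into 'start-23:59' and '00:00-end'."""
    if parse_hhmm(end) > parse_hhmm(start):
        return [(start, end)]
    return [(start, "23:59"), ("00:00", end)]


def expand_schedule(days, start, end):
    """Expand 'on each of DAYS, from START to END' into (weekday, start, end)
    entries. The after-midnight half is filed under the following weekday,
    which is what has to be ticked by hand when only some days are chosen."""
    entries = []
    for day in sorted(days):
        for i, (s, e) in enumerate(split_range(start, end)):
            weekday = day if i == 0 else day % 7 + 1  # 7 (Sun) wraps to 1 (Mon)
            entries.append((weekday, s, e))
    return entries


def is_active(entries, when):
    """True if WHEN (datetime or ISO string, local firewall time) falls inside
    any entry. Minute granularity, both ends inclusive, so 23:59 covers the
    whole last minute of the day."""
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    t = when.time().replace(second=0, microsecond=0)
    return any(
        d == when.isoweekday() and parse_hhmm(s) <= t <= parse_hhmm(e)
        for d, s, e in entries
    )


if __name__ == "__main__":
    nightly = expand_schedule(EVERY_DAY, "20:00", "08:00")
    print(len(nightly), "entries;", "Tue 03:00 blocked:", is_active(nightly, "2023-05-23T03:00"))
    friday_only = expand_schedule({5}, "20:00", "08:00")
    print("Friday-only schedule:", friday_only)
```

The Friday-only case is the trap: selecting Friday 20:00-23:59 alone leaves Saturday 00:00-08:00 uncovered, so the second entry has to be added on Saturday.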
#4
THANK YOU!

I love the last sentence: "let them phone home" ;-)

Since I installed opnsense and blocked the IoT VLAN, I am ASTONISHED to see how many of them are calling home (for help or extra money) - mainly it is... calling Amazon - all kinds of IoT devices - not only Chinese ones (btw which one is not made in China? probably none).

My IoT device I am talking about is self made temperature/humidity sensor that apart from updating my Home Assistant, also updates my weather station on wunderground.
Considering how much memory the device has, plus that it is supposed to sleep (so it must be as quick as possible) nothing more on the device is doable.

So I shall stick with unblocking all traffic for this MAC address and... let it be ;-)
#5
Tutorials and FAQs / allow specific URI on firewall
April 21, 2023, 07:01:29 AM
hi there,

So I put all my IoT devices in a separate VLAN and of course I allowed them ... nothing ;-)
But there are exceptions which I would like to handle somehow.
Example: one of my IoT devices is sending data to wunderground.com - updating the weather station details.
Now, I am not sure how to build the rule to allow this communication to happen.
When I open the internet for this device - of course it works but that is not what I would like.
When I open only wunderground.com it does not work - as per the logs, this domain, although hardcoded in this IoT device (I know because I wrote the program for it), calls different IPs - it seems like this domain is hosted by AWS.
So sometimes I see in the logfile:
52.22.134.222 [ec2-52-22-134-222.compute-1.amazonaws.com]
another time another IP:
54.159.105.134 [ec2-54-159-105-134.compute-1.amazonaws.com]
So how do I build the rule to allow this specific IoT device (I used its MAC as the source) to reach only a specific domain (wunderground.com) irrespective of its IP (in case the domain has different IPs)?

If I can't work out how to unblock the destination, the next rule hits: "block the internet for all IoT devices" and there are no updates on wunderground.com.

thx
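Added example (not part of the thread, not OPNsense code) of why a rule pinned to one destination IP fails here and what a hostname-based alias changes. OPNsense resolves a Host alias that contains a hostname on a timer and loads the answers into a pf table of the same name, which is what the rule then matches against; the model below feeds that refresh constructed resolver answers and parses the two log fragments quoted in the post as sample traffic. Class and function names, and the refresh being modelled on `pfctl -t NAME -T replace`, are this example's assumptions.

```python
"""Host alias -> pf table -> rule match, with the post's log lines as input."""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample input: the two destinations quoted in the post.
LOG_LINES = [
    "52.22.134.222 [ec2-52-22-134-222.compute-1.amazonaws.com]",
    "54.159.105.134 [ec2-54-159-105-134.compute-1.amazonaws.com]",
]
LOG_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \[(?P<rdns>[^\]]+)\]$")


def parse_log_line(line):
    """Return (destination IP, reverse name) from an 'IP [rdns]' log fragment."""
    m = LOG_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return ipaddress.ip_address(m["ip"]), m["rdns"]


@dataclass
class HostAlias:
    """Alias of type Host holding a hostname. The firewall re-resolves the name
    periodically and replaces the pf table with whatever came back; here the
    answers are passed in instead of coming from real DNS."""
    name: str
    hostname: str
    addresses: set = field(default_factory=set)

    def refresh(self, answers):
        """Replace the table contents; returns the equivalent pfctl command."""
        self.addresses = {ipaddress.ip_address(a) for a in answers}
        return f"pfctl -t {self.name} -T replace " + " ".join(
            sorted(str(a) for a in self.addresses)
        )

    def __contains__(self, ip):
        return ip in self.addresses


@dataclass
class Rule:
    action: str          # "pass" or "block"
    destination: object  # HostAlias, a set of ip_address objects, or None = any

    def matches(self, ip):
        return self.destination is None or ip in self.destination


def decide(rules, ip):
    """First matching rule wins, as in the OPNsense rule list; default deny."""
    for rule in rules:
        if rule.matches(ip):
            return rule.action
    return "block"


def run(rules):
    return {line: decide(rules, parse_log_line(line)[0]) for line in LOG_LINES}


# A pass rule pinned to the first IP seen in the log misses the second one.
pinned_rules = [Rule("pass", {ipaddress.ip_address("52.22.134.222")}), Rule("block", None)]

# A hostname alias passes whatever the resolver returned at the last refresh.
wu = HostAlias("wunderground", "wunderground.com")
alias_rules = [Rule("pass", wu), Rule("block", None)]


def demo():
    before = run(alias_rules)  # alias never refreshed: table empty, everything blocked
    cmd = wu.refresh(["52.22.134.222", "54.159.105.134"])  # constructed resolver answer
    after = run(alias_rules)
    return run(pinned_rules), before, after, cmd


if __name__ == "__main__":
    for label, result in zip(("pinned", "alias before refresh", "alias after refresh", "pfctl"), demo()):
        print(label, result)
```

Two caveats follow from the model. The table only contains addresses the *firewall's* resolver saw, so the device must resolve through the same resolver (or the firewall's refresh interval must be shorter than the record's TTL), or the device will talk to an address the table has not caught up with yet. And an allow-by-resolved-IP rule is not an allow-by-domain rule: when the name lands on shared cloud addresses, anything else served from those same addresses is reachable too.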
#6
I just followed your advice, guys, and just to say: it works like a charm:

  • IoT devices on the DHCP range 192.168.1.81-240: blocked everything but 192.168.1.0
  • IoT cameras on the fixed IP range 192.168.1.15-20: blocked everything but 192.168.1.0
#7
I am where you are.
Yesterday I had:
Fiber ONT -> VF router -> switch -> Proxmox (LAN)
                                 -> Other machines (LAN)
                                 -> AP1 (wifi) home network
                                 -> AP2 (wifi) IoT at home

I changed to:
Fiber ONT -> Proxmox Opnsense (NIC1 = WAN) -> Proxmox Opnsense (NIC2 = LAN) -> switch -> Other machines (LAN)
                                                                                      -> AP1 (wifi) home network
                                                                                      -> AP2 (wifi) IoT at home
DNS on pihole (in "other machines LAN"), DHCP on Opnsense. My Proxmox has 3 NICs - the 3rd one I use for PVE management.
The VF router is used as an AP only now (before it was both router and AP), as I managed to connect to the ISP from Opnsense (WAN) using PPPoE.

I am at the very beginning of the journey but I like it ;-)
I am also looking for some advice on how to, but slowly I will get there ;)