Messages - zzup

#1
Quote from: Patrick M. Hausen on July 24, 2024, 08:53:03 AM
Quote from: zzup on July 24, 2024, 08:43:00 AM
Do you run crowdsec on the wan or lan interface?
Crowdsec is run globally, i.e. floating rules that simply block listed IP addresses.

When it comes to the rules, I see in one guide that the WAN should be out and in the other guide it should be in.  Do you know which guide is right?

https://www.zenarmor.com/docs/network-security-tutorials/how-to-install-and-configure-crowdsec-on-opnsense

https://homenetworkguy.com/how-to/install-and-configure-crowdsec-on-opnsense/#create-firewall-rules
#2
Quote from: Patrick M. Hausen on July 24, 2024, 08:50:10 PM
Quote from: ruuskil on July 24, 2024, 04:47:09 PM
There is no performance penalty on modern hardware since CS is not doing any deep packet inspection but only checks if any of the IPs in the connection is included in the blocklist.
It doesn't even do that. Crowdsec populates a blocklist that is used by the regular high performance packet filter.

That makes sense why it works well with other solutions
#3
Quote from: ruuskil on July 24, 2024, 07:28:13 AM
Quote from: zzup on July 24, 2024, 05:14:23 AM

On a side note.  Any reason to run CrowdSec and zenarmor together? I always thought they did the same thing.  (still learning some of this as it is a hobby).

I'm doing it and it works without any issues. It does give an extra layer of security especially if you run servers.

Do you run it to protect the LAN or WAN side?  I have not really looked into it much as I thought that Zenarmor covered it.  But if it helps the WAN side, as I use quite a bit of port forwarding, that would be great.  And if it does not mess with Zenarmor, that is a must.  Which sounds like it doesn't based on your comment.
#4
The problem with not using UPnP is that I have 7 gaming consoles and 6 gaming computers that all use similar ports.  The problem with assigning each one static is each game requires its own, so using UPnP helps keep the management down.  I know it is not perfect but working with what I got.  Do you run CrowdSec on the WAN or LAN interface?
#5
So currently my current setup is just OPNsense with Zenarmor, UPnP and smart tools.  I have shaper set up for keeping latency down.  My connection is a 2.5 gig up and down fiber.  I get full speed on my router with no problem.  I am wondering if I need to add something like CrowdSec to the WAN side or something else to protect my firewall.  I am not new with OPNsense but never really dug into other addons much.  What are any suggestions on what I might want to add to secure my system more but would not overly complicate management for me?

Thanks for the help
#6
Worked like a charm!  Now on ES 8 and besides using a little more RAM it is working well.  I have plenty of RAM so not really worried just an observation.
#7
Quote from: Greg_E on July 18, 2024, 04:11:29 PM
It will be nicer when we have the multithreaded version. Just want to make sure that this isn't forgotten.  :)

How are other functions working on that processor? I'm just thinking about my next hardware step and keeping options open. Probably going with OPNsense hardware, but I may need to build my own again. On my E3-1230v5 with 16gb of ECC ram, I get around 600-700 mbps download with ZenArmor, IDS/IPS, and Crowdsec all turned on, we have a 1gbps connection to the web that often does show a real gigabit speed without all the filters.


The CPU with no E cores is working well.  I really enjoy the speed.  I have been running now for 2 weeks on the 2.5 Gb/s connection and had no real bottlenecks.  I do not run a lot of services really, just standard firewall, Zenarmor and shaper to keep latency down as we are a huge gamer house.  The MB, CPU, RAM and CPU cooler cost a total of like $300.  I had the case, PSU and hard drive already.  It is a normal desktop size but it keeps the X550 nice and cool and is pretty quiet with the fan setup I have.

On a side note.  Any reason to run CrowdSec and zenarmor together? I always thought they did the same thing.  (still learning some of this as it is a hobby).
#8
I am fine losing traffic data moving from 5 to 8 if I can keep my configuration otherwise.  What would be the steps to swap over?
#9
Zenarmor (Sensei) / Upgraded to Fiber 2.5 at home
July 17, 2024, 10:56:22 PM
I am kinda surprised that my OPNsense with Zenarmor is handling my new fiber internet at home.  I have a 2.5 gig connection via fiber at home now.  I know we are not a huge network but around 45 devices or more and 5 users.  Here are my specs:

I3-14100 4.7 ghz
MSI B760 Pro
16 GB ddr4 3200
WD 850x 1 tb
Dell intel x550-t2 (on the main PCIE port that is CPU bound)
#10
I am currently running ES database 5 on my system.  I was wondering if there are any reasons to upgrade to the newer version of 8?  Also, if there are good benefits, is there a simple way to do it?

Thanks!
#11
I currently have 1.2 gig cable internet connection and looking at att fiber. I read that att does not allow true bridge mode like my cable does. Has anyone used opnsense with att fiber in their pass through mode?  How well does it work?
#12
What I should ask more clearly is, are there any compatibility issues with those processors with the new cores and OPNsense?
#13
So right now I am running an i3 8th gen for my 1.3 gig cable connection and it does well. I am looking at moving to fiber and a 2.5 gig connection and think I will need more single core speed for Zenarmor. I was looking at the i3 13th or 14th gen. Since I have had such good luck with my current setup, I just wanted to find out if anyone had any issues with the newer Intel CPUs due to the efficiency cores.
#14
Just wanted to say that I love how quick both OPNsense and Zenarmor fixed this. Thanks both of you.
#15
Thanks for the help.  I did mess up the ICMP rules.  I made a typo and copied and pasted it.  So now they are fixed and working!!

Now my only issue I am having is my CoDel rules for buffer bloat seem to not work on IPv6.  Any ideas how to make it work for v6?