Messages

1

General Discussion / Application Filter for OPNsense

« on: March 05, 2024, 01:25:08 pm »

Hii,

I am reaching out to share my intention to embark on a project to develop an application filter plugin for OPNsense. While I recognize the existence of advanced solutions like ZenArmor, I am keen on developing a plugin tailored to specific needs and preferences, leveraging the potential of Suricata.

This endeavor aims to contribute to the OPNsense ecosystem by providing users with a customizable and efficient tool for filtering applications based on various criteria, empowered by Suricata's capabilities. By harnessing Suricata's robust intrusion detection and prevention features, we can enhance the application filtering capabilities within OPNsense. However, as I delve into this project, I acknowledge the need for guidance and collaboration from the community to ensure its success.

Best,
Harry

2

General Discussion / History Page update: Vulnerability Detected

« on: February 28, 2024, 01:30:07 pm »

Guys,

Displaying the path in the changes captured in the history will make it easier for the intruder to recognize the path, I was wondering would be a more secure way to hide the path and display the change made.

Please share your views on this and a solution is requested!

Best,
Harry

3

General Discussion / getting error in Squid Web proxy SSO (kerberos)

« on: February 28, 2024, 12:20:33 pm »

Hello, guys,

I installed an OPNsense DVD and I installed the plugin squid web proxy. Now I'm encountering an error while configuring the Squid web proxy SSO (Single Sign-On) in OPNsense. The error message I'm seeing is:

An API exception occurred
/usr/local/opnsense/mvc/app/controllers/OPNsense/ProxySSO/Api/ServiceController.php:35: Class "OPNsense\Proxy\Api\ServiceController" not found

I'm unsure about how to resolve this issue. Could anyone guide troubleshooting this error and getting the Squid web proxy SSO working correctly? Also getting this error from OPNsense DVD itself.

Thank you in advance for your help!"

4

General Discussion / How to create group wise and User wise policies to Suricata/DNSBL ?

« on: February 13, 2024, 07:03:08 am »

Hello,

I have a specific question regarding Suricata/DNSBL functionality in any DNS server. When configuring firewall policies, is it possible to assign different rules to different users or user groups?

For example, I want to block access to Facebook for one group but allow it for another group. How can I achieve this? (Facebook access can be based on URL or application)

Thank you,
Harry

5

General Discussion / Restricting plugin dashboard access from outside of the OPNsense UI

« on: February 12, 2024, 08:56:33 am »

Hii,

I have a question regarding the security implications of accessing a mailtrail server (or similar plugin) dashboard from outside OPNsense UI for respective plugins e.g maltrail. like I briefed below:

Here's the scenario: I have configured (WAN IP and listening port) in my OPNsense firewall to allow access to a mailtrail server. now with populating IP address and listening port in URL of any web browser, am getting access to maltrail Dashboard (post Authentication with Credential)

My concern is:

1./ whether this setup poses any security risks, as anyone could potentially access the server by knowing the IP address and port.

2./ whether we can restrict any such (e.g. maltrail etc) Dashboard Access from Outside OPNsense UI.

3./ Also, I want to ask if I can integrate the mailtrail dashboard in the OPNsense dashboard? Is it possible?

I appreciate any insights or guidance you can provide on this matter. Thank you for your assistance.

Best,
Harry

6

General Discussion / Issue with Creating Firewall User via CLI

« on: February 10, 2024, 08:20:15 am »

Guys,

I encountered a situation where I attempted to create a user via the CLI (Command Line Interface) for our firewall system. However, despite executing the necessary commands, I noticed that the user did not appear in the graphical user interface (GUI).

Could anyone please guide the correct command or procedure to create a firewall user via the backend while ensuring they have some GUI privileges? It seems that there might be a specific process or command I may have overlooked.

Your assistance in resolving this matter would be greatly appreciated.

Thank you for your attention to this issue.

Best regards,
Vivek S

7

General Discussion / Re: Creating a user from a newly created user.

« on: February 02, 2024, 05:46:57 am »

Hi Franco,

Thanks a ton for your quick help! You are a genius! Your suggestion worked, and I successfully created a new admin user with the necessary privileges. However, I noticed this new admin can change the root password. Is there a way to restrict such changes to ensure the root user's security?

Although I have gone through this thread https://forum.opnsense.org/index.php?topic=24576.0 But wondering if there is any new update regarding the same?

Best,
Harry

8

General Discussion / Creating a user from a newly created user.

« on: February 01, 2024, 08:37:01 am »

Hii Community,

I have been trying to create a new user from another user i.e. except the root user. I have given all the privileges to my primary user even then my primary user is not able to create a new user it says, "You do not have permission to perform this action."

Can anyone please tell me if it is not possible in OPNsense to create a user except the root user? if not then please guide me on how can I achieve this.

Thanks for the support over the time. Looking forward for a positive response.

Best,
Harry!

9

General Discussion / User Unable to Create/Delete Users Despite Having Full Privileges

« on: January 09, 2024, 12:50:44 pm »

Hello community,

I've set up a user named 'Admin' with all the specified privileges, but despite this, the admin user is unable to create or delete new users. I'm wondering what might be missing in the configuration. Could someone guide me on what is needed to grant the ability for 'Admin' to create and delete users, excluding the root user?

Appreciate your help,
Harry

10

General Discussion / Error while Building ISO

« on: October 26, 2023, 12:23:09 pm »

 Hii,

I was trying to build an ISO from the official tools repository of Opnsense but getting this error. Please help if anyone has already faced this issue.

P.s. I have added a plugin of my own into the plugins folder after make update. Am I getting this error due to a custom plugin? I also have updated the plugins.conf file from the tools repo with the name of my custom plugin as 'www/mycustom_plugin_01'

Please Help


https://ibb.co/K6MBnj7

11

Zenarmor (Sensei) / Re: How to include zenarmor while making the ISO

« on: October 09, 2023, 09:21:21 am »

Thanks for your response, actually I was trying the same. However, I did not understand the third step you mentioned. from where can I download the Zenarmor packages, I could not find the repository...

Thanks,
Vivek.

12

Zenarmor (Sensei) / change hostname and password of the firewall in build

« on: October 09, 2023, 08:25:37 am »

For my opnsense firewall I was trying to include my custom name as a hostname like, vharry.localdomain. Does anyone knows which variable to change in which repository, so that I can get my custom name as hostname after installing the ISO.

Also, I wanted to change the default password. Kindly Help me to achieve this.

13

General Discussion / Block services from backend without using "start/stop" commands

« on: September 29, 2023, 08:52:25 am »

Hii,

Is there any way to restrict a specific user from using a specific service (eg. FreeRadius) from the backend? I created a php script with "start/stop", it is a working command but I am not sure if this is the right way to achieve the desired goal of preventing a user from using a specific service.

What are the possible ways to achieve this in the right way?