Messages

1

23.7 Legacy Series / Re: Allow only Internet trafic

« on: November 08, 2023, 02:12:32 am »

Thanks!

I create the block rules and after that the allow any..

It works...

A lot of work, but works..

2

23.7 Legacy Series / Allow only Internet trafic

« on: November 07, 2023, 10:14:45 pm »

Hello my friends,

I have a opnsense setup with multiple vlans, and for some of them I do not want inter Vlan comunication, only access to internet.

I created a PASS rule on  vlan1 interface, allowing vlan1 net to wan net. but it does not work...

If I create an allow any to any rule I get internet access on that vlan...

Why my vlan1 net  to wan net not working?

What files I can get in opnsense to post here?

Thanks

3

23.7 Legacy Series / Re: Suricata IPS Multi Tenancy

« on: November 05, 2023, 05:30:00 am »

Friends, I solved my problem...

I will share what I did.

I isolated my children's WiFi network in a VPN, and in that VPN I created firewall rules, blocking the ASN of Facebook, TikTok...

With this I managed to block these sites, and I can still schedule what time to release access, and even what time to block the internet completely, leaving other networks functioning normally.

I went even further and created another VPN for their TVs, and created a schedule to stop the internet at 10 am, so I no longer need to say it's time to sleep...

Thank you all!

4

23.7 Legacy Series / Re: Suricata IPS Multi Tenancy

« on: November 01, 2023, 07:50:01 pm »

Maybe some confusion.
Blocking tiktok. Intrusion detection systems are not meant to be used for this purpose, blocking public services. There are no rules in them to do it. Wrong tool for the job.
If that is the problem you look a solution for, to block TickTok and other public services, you could use AdGuard.

Hi, thanks for the reply!

I saw that the suricata rules already have the Instagram one, so I thought about using it to block TikTok... I've never used AdGuard, is it free? Can it be installed in opnsense?

5

23.7 Legacy Series / Re: Suricata IPS Multi Tenancy

« on: November 01, 2023, 07:47:15 pm »

Maybe a better solution would be to implement Zenarmor for this.

Suricata is for a different use case in my opinion.

Hi, thanks for the reply!

I think of using zenarmor, but for it to have multiple profiles I must pay a for a home edition... It's only $10 dollar, but here in my country it's much...

6

23.7 Legacy Series / Suricata IPS Multi Tenancy

« on: November 01, 2023, 02:25:39 pm »

Hello all!

I'll explain what I need, and what I thought of as a solution, and if you can help me or give me another solution, I'd be grateful.

I would like to create some IPS rules for the entire network, and some specific rules for my children (like blocking tiktok).

What I thought about doing is creating vlans, which would put both the computers and cell phones in a separate vlan, and with that I would apply some rules only to their vlan.

Is this solution correct? Do you have another solution for this?

I saw that suricata accepts multi tenancy, but looking for how to do this in opnsense I couldn't find how to do it.

Thanks!