Messages - House Of Cards

#1
Thank you for the help!
#2
Thanks,

I just want to make sure my understanding is sane...

I'm setting rules for things that pass as normal, and the reason I was doing it this way is to allow me to log the redirection rules to see which devices are trying to circumvent my internal NTP (and DNS, etc...). If a device is requesting something from my internal servers, fine...  They pass with no problems.  If something hard codes a different server, I want a log entry saying so.

That's my thinking, I just want to make sure this makes sense in terms of normal firewall procedures.  I figured I'd ask to see if there was anything wrong with doing it this way...

So I'm assuming this is fine functionally?  Thanks for the advice, I'm by no means an expert.  Better to get second opinions.   8)

#3
Good day,

I have a NAT Redirect Rule to port forward any NTP traffic originating from an Alias consisting of all internal networks...

192.168.0.1/24
192.168.1.1/24
192.168.2.1/24

That rule uses an inverted match of the same Alias as a destination, which as I understand, means it would be destined for an IP outside the local network (server on the internet)...

It then forwards that request to 192.168.0.1 NTP to be handled by my internal NTP server.

Does that sound reasonable?  My goal is to allow the interface rules to permit NTP traffic locally, but use this redirection to protect against hardcoded devices using an address of their own liking.  I intend to do a similar approach with other things, such as DNS...  So I want to make sure I'm not insane.

Thanks for the help!
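As an added illustration (not the poster's configuration and not OPNsense code), the matching logic of the redirect rule described above modelled in Python: the alias of internal networks, the inverted destination match, the redirect to the internal NTP server, and the log entry the poster wants whenever a device tries to reach an outside NTP server. The outside address 203.0.113.10 and the sample packets are constructed; the alias entries are taken verbatim from the post, which is why they are normalised with strict=False.

```python
import ipaddress
from dataclasses import dataclass

# Alias exactly as written in the post. The entries carry host bits
# (192.168.0.1/24 rather than 192.168.0.0/24), so strict=False is
# needed for them to be treated as the intended /24 networks.
INTERNAL_NETS = [ipaddress.ip_network(n, strict=False)
                 for n in ("192.168.0.1/24", "192.168.1.1/24", "192.168.2.1/24")]
NTP_SERVER = "192.168.0.1"   # internal NTP server from the post
NTP_PORT = 123


@dataclass
class Packet:
    proto: str   # "udp" or "tcp"
    src: str
    dst: str
    dport: int


def in_alias(addr: str) -> bool:
    """True when addr falls inside any network of the internal alias."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def apply_ntp_redirect(pkt: Packet, log: list) -> tuple:
    """Return (dst, dport) after the NAT redirect rule and record a log line
    when the rule fires. Rule as described in the post: UDP, destination
    port 123, source in the alias, destination NOT in the alias (inverted
    match), redirected to the internal NTP server."""
    if (pkt.proto == "udp" and pkt.dport == NTP_PORT
            and in_alias(pkt.src) and not in_alias(pkt.dst)):
        log.append(f"rdr NTP {pkt.src} -> {pkt.dst}:{pkt.dport} "
                   f"redirected to {NTP_SERVER}:{NTP_PORT}")
        return NTP_SERVER, NTP_PORT
    return pkt.dst, pkt.dport   # traffic to internal servers passes untouched


def simulate() -> list:
    """Run constructed sample packets through the rule; returns the log."""
    log = []
    samples = [
        Packet("udp", "192.168.1.20", "203.0.113.10", 123),  # hard-coded external NTP: redirected + logged
        Packet("udp", "192.168.1.20", NTP_SERVER, 123),     # internal NTP: passes, no log
        Packet("udp", "192.168.1.20", "192.168.2.5", 123),   # other internal net: not redirected
        Packet("tcp", "192.168.1.20", "203.0.113.10", 123),  # wrong protocol: rule does not match
    ]
    for pkt in samples:
        apply_ntp_redirect(pkt, log)
    return log
```

Only the first constructed packet produces a log entry, which is the behaviour the post asks about: local NTP requests pass, and only attempts to reach an outside server are redirected and logged.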
#4
Thanks, that helps...   8)

#5
I think my confusion is with these default rules. 

If they are created by default, and can't be modified, why on earth does OPNSense clog your logs with them in the first place?

It makes setup so much more difficult.
#6
24.7, 24.10 Production Series / Question About Log Files
September 29, 2024, 08:07:57 AM
Hi there,

I switched from pfSense to OPNSense, and one thing that confuses me a bit is the logging of firewall rules.

In pfSense, I could use the default allow any rule and watch the logs to determine existing traffic, and then create rules based off the examined traffic...  In OPNSense, all I see in the live logs is the "Allow anything from the firewall host itself", even though I have rules created which are successfully routing traffic.

How can I exclude all these default rules from overwhelming the logs?

Thanks
#7
Good evening,

I am currently using the OISD Big List, which says it blocks various categories of bad things.  I like that I haven't had issues, but I want to supplement that with the categories available in OPNSense from Blocklist.site.  I can't find any real information between the two, and it doesn't look like the OISD list contains any of those lists.

I am considering leaving the OISD for the default ad/tracking protection, since it works.  And then supplement with the specific Malware/Scam/Abuse type categories for greater protection.  When I do this, I add over 1 million sites to the list, so I was wondering if anyone has any experience with these Blocklist.site lists, and if they break everyday browsing.

To be clear, I am NOT looking to implement the Blocklist.site Ad/Tracking lists...  I would leave that for OISD.  I just want to have a comprehensive list of bad-guy sites.