Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - grizmin

Pages1
#1
Intrusion Detection and Prevention / Re: Crowdsec whitelist
August 19, 2025, 10:01:30 AM
Adding whitelists as parsers seem to work on 1st glance, but they are not taken into account:
Code Select
my/homelan-whitelist                      🏠  enabled,local            /usr/local/etc/crowdsec/parsers/s02-enrich/my-homelan-whitelist.yaml
my/whitelist                              🏠  enabled,local            /usr/local/etc/crowdsec/parsers/s02-enrich/public-whitelist.yaml
and I still got my local desktop PC banned:
Code Select
root@opn:~ # cscli alerts list -i 192.168.11.69 -a
╭────────┬───────────────────────────────────────────────┬──────────────────────────────────────┬─────────┬────┬───────────┬─────────────────────────────────────────╮
│  ID  │                    value                    │                reason                │ country │ as │ decisions │                created_at              │
├────────┼───────────────────────────────────────────────┼──────────────────────────────────────┼─────────┼────┼───────────┼─────────────────────────────────────────┤
│ 312440 │ lists:otx-webscanners (1035 Ips)              │ update : +1035/-0 IPs                │        │    │ ban:1035  │ 2025-08-19 06:19:49 +0000 UTC          │

│ 311787 │ Ip:192.168.11.69                              │ firewallservices/pf-scan-multi_ports │        │    │ ban:1    │ 2025-08-18 09:37:24.421109652 +0000 UTC │
The only working solution was:
Code Select
cscli allowlists create my_allowlist -d "Trusted Home LAN"
cscli allowlists add my_allowlist 192.168.11.0/24 -d "Home LAN"


root@opn:/usr/local/etc/crowdsec/conf.d # cscli allowlist inspect my_allowlist
──────────────────────────────────────────────
 Allowlist: my_allowlist
──────────────────────────────────────────────
 Name                my_allowlist
 Description        Trusted Home LAN
 Created at          2025-08-19T07:43:22.504Z
 Updated at          2025-08-19T07:43:29.430Z
 Managed by Console  no
──────────────────────────────────────────────

─────────────────────────────────────────────────────────────
 Value            Comment  Expiration  Created at
─────────────────────────────────────────────────────────────
 192.168.11.0/24  Home LAN  never      2025-08-19T07:43:29Z
─────────────────────────────────────────────────────────────
root@opn:/usr/local/etc/crowdsec/conf.d #
#2
General Discussion / opnsense dashboard is killing my chrome tab
October 11, 2024, 10:27:30 AM
Since last update my opnsense dashboard is overloading my chrome(windows) tab to the point the browser wants to kill it.

Is this an isolated problem just on my browser?


#3
General Discussion / Re: VLAN not working after reboot
September 27, 2024, 07:54:35 AM
Thank you. Bringing up parent interface did the trick!

During configuration I noticed the following non-intuitive behaviour:

1. Interface Priority: The order in which network interfaces are brought is triggering the same issue. In Opnsense, the parent interface is typically brought up after the WAN interface, which can lead to (for example) DHCP timeouts during boot if WAN is using VLAN device. To address this, prefixing the parent interface name with a numerical value (e.g., '1dummy') can prioritize its activation, ensuring timely DHCP acquisition during boot.

2. VLAN MAC Address Inheritance: When using custom MAC addresses, it's essential to note that VLANs inherit their MAC addresses from their parent interfaces. To assign a custom MAC address to a VLAN, it must be configured on the parent interface ('1dummy' in my case), rather than directly on the VLAN itself. This is not handled well in the UI and you can define it in VLAN interface, which will have no effect.

#4
General Discussion / [SOLVED] VLAN not working after reboot
September 26, 2024, 10:25:23 PM
I am migrating from pfsense to opnsense. Part of the setup is migrating my 2 WANs to the new OPNsense hardware.

  • Connecting WAN (ixl0) to ESP1 w/o using vlans works just fine.
  • Connecting ESP1 to WAN via vlan (Vlan parent: ixl0 tag 12) works flawlessly until reboot.


    After reboot WAN interface is marked up but no traffic is going through. At all.
     

    • workaround 1: Enable promisc mode actually makes the vlan01 interface work, which solves this issue but creates others.
    • workaround 2: Assigning ixl0 (the parent interface) to WAN makes the vlan01 interface to work. Then re-assigning vlan01(tag: 12) back to WAN solves the issue until the next reboot.
hardware:
Code Select
ixl0@pci0:0:16:0: class=0x020000 rev=0x02 hdr=0x00 vendor=0x8086 device=0x1572 subvendor=0x8086 subdevice=0x0000
    vendor     = 'Intel Corporation'
    device     = 'Ethernet Controller X710 for 10GbE SFP+'
    class      = network
    subclass   = ethernet
    bar   [10] = type Prefetchable Memory, range 64, base 0xfd000000, size 8388608, enabled
    bar   [1c] = type Prefetchable Memory, range 64, base 0xfde00000, size 32768, enabled
    cap 01[40] = powerspec 3  supports D0 D3  current D0
    cap 05[50] = MSI supports 1 message, 64 bit, vector masks
    cap 11[70] = MSI-X supports 129 messages, enabled
                 Table in map 0x1c[0x0], PBA in map 0x1c[0x1000]
    cap 10[a0] = PCI-Express 2 endpoint max data 256(2048) FLR RO
                 max read 512
                 link x4(x4) speed 8.0(8.0) ASPM disabled(L1)

Any suggestions?
Pages1