Messages - g29

#1
General Discussion / DEFAULT block lists
May 17, 2025, 03:13:25 AM
FWIW, here are the URLs for the current DEFAULT block lists (generated from the "Services > Unbound DNS > Blocklist > Type of DNSBL" pulldown check list) in version 25.1.6_4-amd64.

Compare them against your USER DEFINED lists to avoid duplicates.

http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&mimetype=plaintext (block: 3440 wildcard: 0)
https://adaway.org/hosts.txt (block: 6540 wildcard: 0)
https://big.oisd.nl/domainswild (block: 177807 wildcard: 177807)
https://blocklistproject.github.io/Lists/alt-version/abuse-nl.txt (block: 435144 wildcard: 0)
https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt (block: 154554 wildcard: 0)
https://blocklistproject.github.io/Lists/alt-version/crypto-nl.txt (block: 23758 wildcard: 0)
https://blocklistproject.github.io/Lists/alt-version/drugs-nl.txt (block: 26031 wildcard: 0)
https://blocklistproject.github.io/Lists/alt-version/facebook-nl.txt (block: 22459 wildcard: 0)
https://blocklistproject.github.io/Lists/alt-version/fraud-nl.txt (block: 196082 wildcard: 0)
https://blocklistproject.github.io/Lists/alt-version/gambling-nl.txt (block: 2500 wildcard: 0)
https://blocklistproject.github.io/Lists/alt-version/malware-nl.txt (block: 435214 wildcard: 0)
https://blocklistproject.github.io/Lists/alt-version/phishing-nl.txt (block: 190221 wildcard: 0)
https://blocklistproject.github.io/Lists/alt-version/piracy-nl.txt (block: 2153 wildcard: 0)
https://blocklistproject.github.io/Lists/alt-version/porn-nl.txt (block: 500281 wildcard: 0)
https://blocklistproject.github.io/Lists/alt-version/ransomware-nl.txt (block: 1904 wildcard: 0)
https://blocklistproject.github.io/Lists/alt-version/redirect-nl.txt (block: 108684 wildcard: 0)
https://blocklistproject.github.io/Lists/alt-version/scam-nl.txt (block: 1274 wildcard: 0)
https://blocklistproject.github.io/Lists/alt-version/tiktok-nl.txt (block: 3699 wildcard: 0)
https://blocklistproject.github.io/Lists/alt-version/torrent-nl.txt (block: 2623 wildcard: 0)
https://blocklistproject.github.io/Lists/alt-version/tracking-nl.txt (block: 15070 wildcard: 0)
https://blocklistproject.github.io/Lists/alt-version/youtube-nl.txt (block: 24280 wildcard: 0)
https://nsfw.oisd.nl/domainswild (block: 447829 wildcard: 447829)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/anti.piracy.txt (block: 10108 wildcard: 10108)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/doh-vpn-proxy-bypass.txt (block: 4302 wildcard: 4302)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/dyndns.txt (block: 1391 wildcard: 1391)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/fake.txt (block: 11450 wildcard: 11450)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/gambling.medium.txt (block: 281251 wildcard: 281251)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/gambling.mini.txt (block: 129936 wildcard: 129936)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/gambling.txt (block: 565695 wildcard: 565695)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/hoster.txt (block: 2110 wildcard: 2110)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/light.txt (block: 42223 wildcard: 42223)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/multi.txt (block: 153900 wildcard: 153900)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/nosafesearch.txt (block: 183 wildcard: 183)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/popupads.txt (block: 102841 wildcard: 102841)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.mini.txt (block: 54878 wildcard: 54878)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.plus.mini.txt (block: 68301 wildcard: 68301)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.plus.txt (block: 303359 wildcard: 303359)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.txt (block: 213448 wildcard: 213448)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/tif.medium.txt (block: 320047 wildcard: 320047)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/tif.mini.txt (block: 83140 wildcard: 83140)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/tif.txt (block: 655058 wildcard: 655058)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/ultimate.mini.txt (block: 81657 wildcard: 81657)
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/ultimate.txt (block: 325213 wildcard: 325213)
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts (block: 170009 wildcard: 0)
https://small.oisd.nl/domainswild (block: 43527 wildcard: 43527)
https://threatfox.abuse.ch/downloads/hostfile (block: 65621 wildcard: 1)
https://v.firebog.net/hosts/AdguardDNS.txt (block: 106312 wildcard: 0)
https://v.firebog.net/hosts/Easylist.txt (block: 27916 wildcard: 0)
https://v.firebog.net/hosts/Easyprivacy.txt (block: 42361 wildcard: 0)

#2
I have been experimenting with the Unbound Block List (DEFAULT and USER DEFINED) functionality.

It appears that the DEFAULT list removes duplicate domain and domain pattern entries.

Example: If I select all OPNsense DEFAULT options, the logs indicate it loads over 6M individual entries and coalesces it down to @ 3.5M unique entries.  Unfortunately, this final list does not appear to be written to disk for final inspection.

It is not clear if the same thing happens with the USER DEFINED lists and it appears it does NOT remove duplicates between the DEFAULT and USER DEFINED lists.

Example: If I add some of the same lists that are in the DEFAULT lists into the USER DEFINED LISTS, the final aggregate number increases (should NOT increase because they are identical duplicate lists, URLs are identical). 

A simple strcmp() of the list URLs would eliminate such duplicates along with a possible warning log for the user to clean up his duplicate main lists.

Also, it would be nice if both DEFAULT and USER LISTS would have granular duplicate removals at the domain and domain pattern levels (e.g. sort -u).
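The two duplicate-removal steps proposed above (a strcmp() on the list URLs, then a sort -u over the domain and wildcard entries) as an added example; this is not OPNsense code, the list URLs and their contents are constructed here, and the hosts-file and "*.domain" wildcard formats are parsed as the DEFAULT lists above deliver them:

```python
import re

HOST_RE = re.compile(r"^[0-9a-fA-F:.]+\s+(\S+)")   # hosts-file line: "0.0.0.0 domain"
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}  # hosts-file noise, never block these

# Constructed sample lists: the same URL appears in DEFAULT and USER DEFINED.
DEFAULT_LISTS = {
    "https://example.invalid/hosts.txt":
        "# hosts format\n0.0.0.0 ads.example.com\n0.0.0.0 tracker.example.net\n127.0.0.1 localhost\n",
    "https://example.invalid/domainswild":
        "*.ads.example.com\n*.evil.example.org\n",
}
USER_LISTS = {
    "https://example.invalid/hosts.txt":          # identical URL -> duplicate list
        "# hosts format\n0.0.0.0 ads.example.com\n0.0.0.0 tracker.example.net\n127.0.0.1 localhost\n",
    "https://example.invalid/other.txt": "ads.example.com\nnew.example.net # inline comment\n",
}

def parse_entries(text):
    """Return [(domain, is_wildcard)] for one list; accepts hosts lines,
    bare domains and '*.domain' wildcard lines, skipping comments/blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = HOST_RE.match(line)
        name = m.group(1) if m else line.split()[0]
        wildcard = name.startswith("*.")
        name = (name[2:] if wildcard else name).lower().rstrip(".")
        if name in LOCAL_NAMES:
            continue
        entries.append((name, wildcard))
    return entries

def dedupe_urls(default_lists, user_lists):
    """strcmp() step: keep one copy per URL, report USER URLs already in DEFAULT."""
    merged, duplicates = dict(default_lists), []
    for url, body in user_lists.items():
        if url.strip() in merged:
            duplicates.append(url.strip())   # this is where a warning would be logged
        else:
            merged[url.strip()] = body
    return merged, duplicates

def aggregate(bodies):
    """sort -u step: (entries loaded, set of unique (domain, is_wildcard)) over all lists."""
    loaded, unique = 0, set()
    for body in bodies:
        ents = parse_entries(body)
        loaded += len(ents)
        unique.update(ents)
    return loaded, unique

if __name__ == "__main__":
    naive = aggregate(list(DEFAULT_LISTS.values()) + list(USER_LISTS.values()))
    merged, dups = dedupe_urls(DEFAULT_LISTS, USER_LISTS)
    deduped = aggregate(merged.values())
    print("duplicate URLs:", dups)
    print("without URL dedupe: loaded %d, unique %d" % (naive[0], len(naive[1])))
    print("with URL dedupe:    loaded %d, unique %d" % (deduped[0], len(deduped[1])))
```

The exact entry `ads.example.com` and the pattern `*.ads.example.com` are kept as distinct entries, which is the domain-versus-domain-pattern distinction the post draws.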

#3
The JavaScript code for the "Lobby > Firewall" widget (and other widgets) is located in the following directory:

/usr/local/opnsense/www/js/widgets

In Firewall.js, there are a few things you can change including the length of the top table entries and the threshold when the Firewall Widget transitions between a Pie Chart and a Table.

I was able to change the Cpu.js and the Traffic.js widgets to increase the duration of the X-axis to plot a longer duration history.

Since JavaScript is interpreted, you don't need to recompile it.

Code at your own risk.

#4
A tip for newbies. I used Perplexity.ai to answer a bunch of questions to set up and test the following OPNsense configuration.

Perplexity is not always correct and you may have to restructure your question(s), but it can in many cases point you in the right direction, quickly locate the right menu option and the appropriate documentation pages.

Hope this tip might be of help to someone.  It helped me expedite the learning process in a timely fashion including learning I could use most of my existing Pi-Hole lists in OPNsense's Unbound blocking lists.  I have been able to eliminate my Pi-Hole server including redirecting all other DNS server requests through the block lists.

Was able to pen test the WAN interface and load test - saturate WAN/LAN and LAN/LAN Bridge connections with bi-directional/full-duplex iperf3 traffic to test the scalability and resource consumption of the configuration.

#5
General Discussion / FIXED !!!
May 07, 2025, 07:02:46 AM
The factory reset must have blown away the coretemp package.

Using the ssh console, MANUALLY reloading the coretemp package restored the CPU temps.

kldload coretemp

Also appears to be a WEB GUI setting.

System > Miscellaneous > Thermal Sensors > Hardware > Intel Core CPU on-die thermal sensor (coretemp)
hwstat
Current Unit
[Coretemp]
CPU0: 23.0 C
CPU1: 23.0 C
CPU2: 24.0 C
CPU3: 24.0 C
CPU4: 23.0 C
CPU5: 23.0 C
CPU6: 22.0 C
CPU7: 22.0 C
[ACPI Thermal]
tz0: 27.9 C
[ACPI Thermal]
tz1: 29.9 C

#6
Newbie question. I am running OPNsense on a Dell Optiplex (6th Gen Intel) and had CPU temps working in the GUI.
I did a factory reset and switched from a "transparent network bridge" to a conventional "firewall router" config with Unbound block lists and Suricata.

During the process, I am no longer getting any CPU temps in the web GUI.
Running various CLI commands also only turns up 2 Zone temps.

root@OPNsense:/tmp # hwstat
Current Unit
[Coretemp]
CPU0: Cannot get temperature
CPU1: Cannot get temperature
CPU2: Cannot get temperature
CPU3: Cannot get temperature
CPU4: Cannot get temperature
CPU5: Cannot get temperature
CPU6: Cannot get temperature
CPU7: Cannot get temperature
[ACPI Thermal]
tz0: 27.9 C
[ACPI Thermal]
tz1: 29.9 C

root@OPNsense:/usr/local/etc/suricata # sh -c 'sysctl $(configctl system sensors)'
hw.acpi.thermal.tz0.temperature: 27.9C
hw.acpi.thermal.tz1.temperature: 29.9C
root@OPNsense:/usr/local/etc/suricata # sysctl -e `sysctl -aN | fgrep temperature` | sort
hw.acpi.thermal.tz0.temperature=27.9C
hw.acpi.thermal.tz1.temperature=29.9C
root@OPNsense:/usr/local/etc/suricata # sysctl -e `sysctl -N dev.cpu hw.acpi.thermal | fgrep temperature` | sort
hw.acpi.thermal.tz0.temperature=27.9C
hw.acpi.thermal.tz1.temperature=29.9C
root@OPNsense:/usr/local/etc/suricata # sysctl -aF | awk -F ": " '$2 ~ "^IK" { print $1 }' | grep -v "\._" | sort
hw.acpi.thermal.tz0.temperature
hw.acpi.thermal.tz1.temperature
root@OPNsense:/usr/local/etc/suricata # configctl system sensors
hw.acpi.thermal.tz0.temperature
hw.acpi.thermal.tz1.temperature

Anyone have any ideas what would cause the loss?

Currently running OPNsense 25.1_5_5-amd64, FreeBSD 14.2-RELEASE-p2

Thanks in advance for any ideas/suggestions.

#7
Quote from: someone on May 06, 2025, 11:45:13 PM
I changed IPS > Administration > Settings Advanced and changed pattern matcher to Hyperscan
As pointed out by user geotek
And Detect profile to medium, may not have needed to change that
It's working for now

This is Suricata version 7.0.10 RELEASE running in SYSTEM mode

229,718 Rules

"Error   suricata   [100736] <Error> -- Just ran out of space in the queue. Please file a bug report on this"

Web GUI > Services > Intrusion Detection > Administration > Settings > Advanced:  (Hyperscan and Medium)

Thanks for posting the queue size work around. 

I am just learning OPNsense and the queue size error started today enabling/configuring Suricata. 

It looks like the Suricata rule processing is single threaded (had a ssh top window running). 

I have 8 threads and 32GB of memory and it still ran out of queue space.

The work around in your post resolved this.