Messages

At the moment the events tab only shows IP blocks based on the firewall rules you've made with our Alias. In order for the Events tab to get populated you need to have logging enabled on the corresponding firewall rules since the events tab just parses the log files.

For domain (unbound) blocks you can use the unbound reporting -> http://<your-firewall>:<port>/ui/unbound/overview

Thank you! Glad you like it!

Thx! We've found the problem and will be solved soon: https://github.com/opnsense/plugins/issues/5288
Seems a combination of the core and our plugin ;)

Hi Community,

Today we've launched a new GUI for our threat Intelligence portal. As we're always looking for improvements we would love to hear your feedback!

Please shoot :)

Hi Richard,

Well glad that you solved it. Maybe you can share the solution for other users?

Kind regards,

David

I'm experiencing the exact same behavior now after yesterday's update.

I'm experiencing this issue right now. Unfortunately I can't reboot until later. Will write back if rebooting helps.

Was able to do a reboot and it solved the issue.

Can you tell me which version you're running?

Nice! You're more than welcome!

Hi Tangofan,

Yes the plugin is completely compatible with the other plugins, there's no interference at all.

You assumption is right, it also includes a domain list to use in conjunction with Unbound or DNScrypt-proxy. For the IP side of things you need to create firewall rules indeed with the created alias as a source or destination. For the rule order we would advise to test it out, it doesn't really matter which one blocks first in terms of safety. In terms of benchmarking the solutions you could switch them around and compare the hits with each other ;-)

The bug with the Unbound integration has been solved in the latest version of OPNsense 26.1.2 . It should work now!

thank you.   I am using business edition so the plugin will work for me in April.
side note.   is it supported to add the data directly into unbound under
services> unbound dns >  blocklist > (advanced mode) URLs of Blocklists

if so can this be documented on how?

You could make that work with our OpenAPI spec: https://api.qfeeds.com/openapi/#/Feeds/getFeedData

Basically the url would look like https://api.qfeeds.com/api?feed_type=malware_domains&download=0&api_token=xxxxxxxxxx
Obviously replacing the "xxxxx" with your own token.

The Q-Feeds domain blocklist is now visible in the DNSCrypt-Proxy DNSBL.

You cannot view this attachment.

Am I good with just checking it in DNSCrypt-Proxy or do I also have to check the "Register domain feeds" checkbox in Q-Feeds Connect?

I'm just asking because the description only mentions the "Unbound DNS blocklist" so I'm not sure if it is exclusively for Unbound or you just forgot to change the description?

Oops indeed forgot to change the description.. The Register domains needs to be enabled.

EDIT: Created a Pull Request on Github to fix this both in the OPNsense docs as within the plugin.

Anyone here with an idea how to resolve my little problem?

After successful installation of the plugin I want to configure the q-feeds plugin.
If I insert my new API key from my account and activate "register domain feed" I got this error message while apply the config:


Error reconfiguring QFeeds connect

I couldn't find the reason, so if anyone have an idea, let me know.

Hmm interesting we do see active API calls from your account, is the problem solved?

kondmatex-app.com blocked!
thanks

Awesome, glad it works!

I'm still seeing after the upgrade

{
  "status": "OK",
  "action": "Pass"
}

Did you check with a domain which is in the feed? This is one is:

Code Select Expand

kondmatex-app.com

The bug with the Unbound integration has been solved in the latest version of OPNsense 26.1.2 . It should work now!