Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - aldocorleone

#1
General Discussion / Rules are messed up
December 09, 2015, 10:11:29 PM
Hi all,

So everything was working quite well, when I had a slight ISP problem.  I needed to reboot the firewall.  I reboot it, and now the rules/nats are literally backwards.

I can access the web configuration/ssh from the WAN, and well this isn't what I had.

What happened? Any help?

Thank you all.
#2
Hardware and Performance / Re: APU1D4, Performance Tuning
November 24, 2015, 03:46:56 PM
FYI, running opnsense with fairly default settings and a few NATs, I'm running at 56-58 C.

When I was running pfSense, which had full IPS, more NATs, I was running at 53.

#3
16.1 Legacy Series / Re: Suricata
November 24, 2015, 03:41:43 PM
Thanks! I might give this a shot.  How's the stability so far? 

As for the pfblocker item.  Using those blacklists was handy, as it would cron update the blacklists so (Spambots, Malware, etc)

It also does deduplication, which I find handy as well.  If this is something that could be added, or alternatives, that would be handy.

I think with Suricata being in IPS mode would help alleviate these concerns a lot, as the default rules has dshield, and will help a lot on the security ends of things.

Thank you for your help!
#4
16.1 Legacy Series / [CALL FOR TESTING] Suricata 3.0
November 22, 2015, 08:26:18 PM
Good afternoon everyone,

First off, I like the opnsense feel and while it still has a common feel to pfsense, I like the tweaks that have been done to it.

I have a couple of questions about it thought.

I mistakenly thought that the suricata implementation provides intrusion prevention (IPS) services, but it does not.  I saw a couple forum hits in that there is some work going on this.  I'm just wondering if there is a rough idea of when this will be made available?

Also, in PFSENSE, there is pfblockerng, is this something that could be ported over to opnsense?

Thank you all.