Messages

1

Development and Code Review / Long-term idea: Convert plugins repo to FreeBSD ports overlay

« on: November 21, 2023, 05:18:15 pm »

The custom builds I produce were based on the Dynfi build scripts. These scripts use Poudriere for building all the required OPNsense packages. One thing I would love to do is be able to provide various OPNsense plugins pre-installed in my custom image.

Poudriere supports a concept of a Ports overlay. Overlays are what they sound like: a repository that gets overlayed on top of an existing Ports repository base.

One problem I found was that the OPNsense plugins repository contains duplicated directories for existing ports entries. For example: databases/redis, dns/bind, security/tor. Trying to use the plugins repository as an overlay causes Poudriere to get confused.

I wonder if it would make sense long-term to structure the plugins repo to better support being an overlay on top of an existing ports repository. This would be a pretty major shift from how the plugins repo is handled currently. However, the plugins repository could likely be made more efficient by switching to being an overlay. The plugins repo would gain the full power of the ports framework. Long-term maintenance burden would likely be smaller since the ports framework could be relied upon.

I thought I'd pose the question here and see what people's thoughts are. Obviously someone has to put in the work, and I'd probably put myself on the volunteer list.

2

Development and Code Review / Re: Workaround for OpenSSL 3 support

« on: November 20, 2023, 01:45:51 pm »

I'll give that a shot in m y next build. We just bought a new home and take possession of it this week, so life is about to get REAL busy. :-)

I'll report back when I have info to report. Thanks!

3

Development and Code Review / Workaround for OpenSSL 3 support

« on: November 19, 2023, 10:55:20 pm »

The script that populates the pf alias tables needs a particular environment variable defined. This commit defines it system-wide: https://git.hardenedbsd.org/hbsdfw/HardenedBSD/-/commit/c71238a6229bdc0aa8ada9f627a5a898dd7f9184

I'm not entirely sure this is the best workaround. A more proper fix would be to migrate to newer OpenSSL APIs. This workaround seems to get aliases usable, at least.

4

Development and Code Review / Patch to fix opnsense/filterlog on FreeBSD/HardenedBSD 14

« on: November 15, 2023, 04:42:01 pm »

Hey all,

This patch fixes the build of opnsense/filterlog on FreeBSD/HardenedBSD 14: https://git.hardenedbsd.org/hbsdfw/ports/-/commit/7fb1a456593fece1fc0ea4320a34950e55d18ffc

Thanks!

5

Development and Code Review / pam_opnsense: fix compilation with clang 15

« on: May 02, 2023, 05:16:01 pm »

Hey all,

I don't really use GitHub anymore, but I've patched pam_opnsense to compile with clang 15. This allows OPNsense to be build with HardenedBSD 13-STABLE.

Link to patch: https://git.hardenedbsd.org/hbsdfw/pam_opnsense/-/commit/8a82803fa4cc47b0d1cb909e7ecc7d7be2d636f4

Thanks!

6

20.7 Legacy Series / Re: radvd stops announcing IPv6 prefix after a while (radvd freeze?)

« on: September 08, 2020, 10:51:04 pm »

I've experienced this issue, too.

7

Development and Code Review / Re: UIBootgrid and newlines

« on: August 03, 2020, 11:48:37 pm »

I'm populating a UIBootgrid with some data where a column has embedded newline characters. I'd like to effectively turn them into "<br />" tags. What's the best way to do that?

I would suggest a custom formatter which can be passed in at the constructor.

Yup! Thanks for the hint!

8

Development and Code Review / UIBootgrid and newlines

« on: July 31, 2020, 08:56:42 pm »

I'm populating a UIBootgrid with some data where a column has embedded newline characters. I'd like to effectively turn them into "<br />" tags. What's the best way to do that?

9

General Discussion / Re: is there any possibility to run Linux programs on the opnsense?

« on: July 24, 2020, 05:06:21 pm »

The Linuxulator exists on HardenedBSD, but is not enabled by default. For 32-bit Linux binaries, a custom kernel and userland would need to be compiled/installed. 64-bit Linux binaries should run fine if linux64.ko is loaded. You will need to disable ASLR for that particular Linux binary (use hbsdcontrol for that).

As far as the linux* packages are concerned, OPNsense only ships with the packages it needs. Since OPNsense doesn't rely on anything that needs the linux* packages, they aren't built and are not in OPNsense's package repo. You'd want to enable the FreeBSD package repo and get the linux* packages from there.

10

20.7 Legacy Series / Re: Installing 20.7-RC1 via Firmware -> Update possible?

« on: July 22, 2020, 01:27:35 am »

syslog-ng core dump is the same as 20.1: during service stop it clashes against HBSD and crashes rather than exiting. Since 20.1 syslog-ng is becoming the core syslog daemon so it is even active in local scenarios. Documentation and GUI representation will change accordingly in the coming months.

Hey Franco,

Has a bug report been filed in HardenedBSD's self-hosted git instance? I'd be happy to take a look at the issue, especially if reproduction steps can be provided.

11

20.1 Legacy Series / Re: Boot fail on installer

« on: June 15, 2020, 09:21:01 pm »

Can you boot with vm.pmap.pti set to 0 in the boot loader?

12

Development and Code Review / Re: Confused about InterfaceField select_multiple dropdowns

« on: June 12, 2020, 11:08:35 pm »

I got it working in a weird way. I had to add:

Code: [Select]

<style>tokenize</style>

to the setting in question in the core.git/src/opnsense/mvc/app/controllers/OPNsense/product/forms/generalSettings.xml

I've attached a screenshot.

13

Development and Code Review / Re: Confused about InterfaceField select_multiple dropdowns

« on: June 11, 2020, 04:18:39 pm »

A few days later, I'm still just as puzzled. Does anyone have any ideas?

14

Intrusion Detection and Prevention / Re: FireHOL Block List ( Botnets, Attacks, Malware....)

« on: June 10, 2020, 01:19:41 am »

Completely random thought: checking the list against existing ET Open rules, pruning duplicates.

Another thought: integration with Suricata to not only block on those IPs, but also alert.

15

Development and Code Review / Re: Adding a rc.syshook.d/early script

« on: June 08, 2020, 11:12:41 pm »

Problem solved with `git add --chmod=755 /path/to/script`. Stupid git.