Topics

[UPDATED THIS POST TO SHOW THE CORRECT ANSWER]

UPDATED THIS POST TO SHOW THE CORRECT ANSWER
OPNsense 24.7.12_2-amd64

Set up an alias: Firewall-> Alias
Named it: blocklist
** Type: Host(s)
Content: 34.107.243.93 (single IP example)

Created Firewall Floating Rule: Firewall-> Rules-> Floating
Action: Block
Apply the action immediatly on match: checked
Interface: LAN & WAN
Direction: any
TCP/IP Version: IPv4
Protocol: any
Source: any
Destination: (alias) blocklist

PLACES TO CHECK

If not blocking, Try: Firewall-> Diagnostic-> States-> Actions-> Reset state table

Firewall-> Diagnostics-> Aliases-> (alias name) blocklist
Should show the IP address to be blocked

** ALIAS TYPES

Host(s): This type allows you to define individual IP addresses or subnets (CIDR blocks).
Usage: It's useful when you want to create an alias that contains a list of specific IP addresses
Example: 192.168.1.100, 10.0.0.0/24, 203.0.113.0/32.

URL (IPs): This type allows you to specify a URL that contains a list of IP addresses (the URL will return a plain list of IPs, typically in a text format).
Usage: It's useful for dynamically pulling a list of IP addresses from a URL (such as a publicly available threat intelligence feed).
Example: You could enter a URL that points to an IP blocklist file, and OPNsense will download and parse that list to use it in the alias.
Example URL: https://lists.blocklist.de/lists/all.txt

URL Table (IPs): This type allows you to define an alias based on a list of IP addresses that is fetched from a URL, similar to the URL (IPs) type. However, in this case, OPNsense treats the list as a "table" and will update the list periodically (according to the refresh interval you specify) and maintain it in memory for use in firewall rules.

I keep getting "Error 200" when trying to view the Zenarmor logs or Live Sessions in the GUI. I cant see the logs at all. Also the database will not start, even after reboot. I tried to reinstall the zenarmor packages. That didnt help.

Is there a way to upload custom Suricata rulesets using the GUI? At one point we use to be able to do this but it doesn't look like its availaible any longer. Here was an old way:

Step 1: Navigate to the Suricata Settings

    - In the OPNsense dashboard, go to Services > Intrusion Detection.
    - Click on the "Signatures" tab.

Step 2: Add Custom Suricata Rules

    - Scroll down to the "Local Rules" section.

Here, you can add custom rules directly into the Suricata rule configuration:
You can paste the contents of your custom rules into the box.
Alternatively, you can specify a custom rule file location (more advanced).

[Firewall -> Nat -> Port Forward]

TO get your Plex server Fully accessible outside your network

Firewall -> Nat -> Port Forward
From this page click + (add)
No RDR: unchecked
Interface: WAN
TCP/IP Version: IPv4
Protocol: TCP
Source: Any
Source Port Range: any/any
Destination: WAN Address
Destination port range: (other) 32400/32400
Redirect target IP: Plex server internal IP
Redirect target port: (other) 32400
Pool Options: Default
Description: Plex Media Server
NAT Reflection: Enable
Filter Rule Association: Pass

Services-> Unbound DNS-> Advanced-> Private Domains-> plex.direct

Firewall-> Settings -> Advanced
Reflection for port forwards: checked
Reflection for 1:1: checked
Automatic outbound NAT for Reflection: checked
Firewall Optimization: normal

[Dell DP/N: 0MX846]

Every time I follow these instructions to bridge my LAN & WIFI card I get this error:

Bridging a wireless interface is only possible in hostap mode.

How do I bridge Lan & Wifi?

Trying this: https://forum.opnsense.org/index.php?topic=5066.0
and this: https://www.cyberciti.biz/faq/howto-configure-wireless-bridge-access-point-in-pfsense/

Wifi card is a Dell DP/N: 0MX846.
https://www.pchub.com/uph/laptop/279-79033-1500/Dell-Common-Item-Dell-Wireless-LAN-Card.html

Also tried a Realtek RTL81878 MOW 11b/g and got the same error.

I'm using Suricata IPS. It keeps blocking a single specific IP address with a rule. I would like to keep the rule in place just not block the single IP. What is the correct way to whitelist the IP address so it is not blocked with the Suricata IPS rule?

[Services]

Go to:  Services>Intrusion Detection>Administration>Rules

Browse past page 6 of rules, for the example.
Then click a box to enable any rule (furthest box on the right of rule).
This bring you back to page 1 automatically.

This is very annoying while browsing each page and trying to enable individual rules. You have to remember which page you are on to go back and continue where you left off. Enabling a rule should keep you on the same page you enabled the rule from.

If you have a WiFi card installed in your Opnsense box please let us know what brand and model it is and its limitations you have encountered. Thanks!

What is some of the best ways to view the Firewall & Suricata logs?
Any good plugins for this? Which one do you use? What are the benefits of your choice?

Thanks.

[Step 4]

I am trying to create a transparent filtering bridge.
My setup is: Internet-->Opnsense Filtering Bridge-->Router-->Lan
I followed these instructions: https://docs.opnsense.org/manual/how-tos/transparent_bridge.html?

Step 4. "Now Add an IP address to the interface that you would like to use to manage the bridge. Go to Interfaces -> OPT1 enable the interface and fill-in the ip/netmask." I think these instructions are outdated here. There is nowhere to enter the IP. I assume I can do this by going to Interfaces -> LAN & Interfaces -> OPT1, change the IPV4 configuration type to static and then set the IP address which I did to 192.168.1.3.

My Bridge OPT1 is 192.168.1.3
My Router is 192.168.1.1

I cannot access the Opnsense firewall any longer, but the bridge works.
Any ideas?

[Services]

If you go to:
Services--> Intrusion Detection--> Schedule

It immediately defaults to a Edit Job option. I am unable to view the rest of the crons
or go to another cron to edit. The only way to edit or create another one would be to quickly
click on the edit icon or the + icon to add another cron before the screen goes back to the
Intrusion Detection settings page.

I know there are instructions on how to do this on PFsense:
https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense

But if someone has already done this on their Opnsense box, please post a screen capture of it or the exact configuration of yours as it is laid out in Opnsense.

Thanks!

I have been looking for some good instructions on how to set up a bridge to have multiple NICs to act like a router (Bridge the interfaces to act like a switch, like on a SOHO router). The OPNsense guide doesn't really have much on setting one up, only a transparent filtering bridge.

I tried using these instructions for creating a bridge which is for PFSense. The process is nearly identical if not the same as OPNsense on how to Bridge Multiple Lan ports/NICs to act like a router.

My setup looks like this:
0 WAN, 1 LAN, 2 NIC, 3 NIC - I want to get NICs 2 & 3 on the same network as the LAN and lease out IPs on the same network: 192.168.1.2-192.168.1.255.

It seems I cannot get the bridge/NICs to function properly. I can get DHCP to work where other PCs are issued IP addresses but no WAN.

Are there any instructions for this specifically for OPNsense?