Topics - Waschbuesch

#1
Hi there,
I run an OPNsense 2700 series FW, running version 25.1.9_2, and just enabled Suricata / IPS.

I am not using any of the plugins relating to IDS/IPS, but the 'normal' downloadable rulesets (Administration / Download section).

The Policy / Rule adjustments section has some sort of regression, I think, because the Msg and Source columns are empty, which makes identifying a previous adjustment virtually impossible...

Can someone test that on their setup and verify if this is a bug? Or if someone runs a different version we might pinpoint when this regression happened?

Thanks!
#2
Hi all,

After upgrading to OPNsense 24.7.8, zfs complains about not all features being enabled.
After running
zpool upgrade zroot
the system advises to update the boot code as well.
However, running
gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 2 nda0
results in: gpart: /dev/nda0p2: not enough space
Since the system boots via UEFI (I think), this may be irrelevant, but why did the installer partition the disk like this:

gpart show
=>        3  500118181  nda0  GPT  (238G)
          3     532480     1  efi  (260M)
     532483        311     2  freebsd-boot  (156K)
     532794  482344960     3  freebsd-zfs  (230G)
  482877754   17240430     4  freebsd-swap  (8.2G)


156K looks like deliberately setting the size to exactly what was needed at the time without any kind of reserve for future changes?
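As an added example (not code from the post or from OPNsense), the following script parses the `gpart show` table above, converts each partition to bytes, reports whether a bootcode image of a given size fits in the freebsd-boot partition, and computes how many free sectors follow each partition, i.e. whether `gpart resize` could grow it in place. The 512-byte sector size and the 200,000-byte fallback bootcode size are assumptions; on the firewall itself the script uses the real size of /boot/gptzfsboot when that file exists.

```python
"""Parse `gpart show` output and check the freebsd-boot partition.

Constructed sample input; SECTOR_BYTES and ASSUMED_BOOTCODE_BYTES are
assumptions, not values taken from the system in the post.
"""
import os
import re
from dataclasses import dataclass
from typing import Optional

SECTOR_BYTES = 512                 # assumption; confirm with `diskinfo -v nda0`
ASSUMED_BOOTCODE_BYTES = 200_000   # placeholder used when /boot/gptzfsboot is absent

# Constructed sample: the table from the post, verbatim.
GPART_SHOW = """\
=>        3  500118181  nda0  GPT  (238G)
          3     532480     1  efi  (260M)
     532483        311     2  freebsd-boot  (156K)
     532794  482344960     3  freebsd-zfs  (230G)
  482877754   17240430     4  freebsd-swap  (8.2G)
"""

HEADER = re.compile(r"^=>\s+(\d+)\s+(\d+)\s+(\S+)")
# Matches both partition rows and "- free -" rows (index "-").
ENTRY = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+|-)\s+(.*?)\s+\(")


@dataclass
class Partition:
    start: int             # first sector
    size: int              # length in sectors
    index: Optional[int]   # None for "- free -" rows
    kind: str

    @property
    def end(self) -> int:  # first sector after this entry
        return self.start + self.size

    @property
    def size_bytes(self) -> int:
        return self.size * SECTOR_BYTES


def parse_gpart_show(text: str):
    """Return (first sector past the usable area, entries sorted by start)."""
    usable_end = None
    entries = []
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            usable_end = int(h[1]) + int(h[2])
            continue
        e = ENTRY.match(line)
        if e:
            idx = None if e[3] == "-" else int(e[3])
            entries.append(Partition(int(e[1]), int(e[2]), idx, e[4].strip(" -")))
    if usable_end is None:
        raise ValueError("no GPT header line found")
    return usable_end, sorted(entries, key=lambda p: p.start)


def slack_after(usable_end: int, entries, index: int) -> int:
    """Free sectors between the end of partition `index` and the next real
    partition (or the end of the usable area): what `gpart resize` could use."""
    p = next(p for p in entries if p.index == index)
    following = [q.start for q in entries if q.index is not None and q.start >= p.end]
    return (min(following) if following else usable_end) - p.end


def bootcode_fits(entries, bootcode_bytes: int) -> bool:
    """True if the freebsd-boot partition can hold an image of bootcode_bytes."""
    boot = next(p for p in entries if p.kind == "freebsd-boot")
    return boot.size_bytes >= bootcode_bytes


if __name__ == "__main__":
    usable_end, entries = parse_gpart_show(GPART_SHOW)
    boot_path = "/boot/gptzfsboot"
    need = os.path.getsize(boot_path) if os.path.exists(boot_path) else ASSUMED_BOOTCODE_BYTES
    for p in entries:
        if p.index is None:
            continue
        print(f"p{p.index}: {p.kind:13s} {p.size_bytes:>13,d} bytes,"
              f" slack after: {slack_after(usable_end, entries, p.index)} sectors")
    print(f"bootcode of {need:,d} bytes fits in freebsd-boot: {bootcode_fits(entries, need)}")
```

On the layout in the post every partition is followed immediately by the next one, so the slack after p2 is zero: it cannot be enlarged without moving p3. Whether that matters depends on the boot method; on FreeBSD `sysctl -n machdep.bootmethod` prints UEFI or BIOS. Under UEFI the firmware loads loader.efi from the efi partition (p1) and the freebsd-boot partition is not used, so the `gpart bootcode` failure is harmless there, and it is the EFI loader on p1 that should be kept current instead.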
#3
Hi all,

I have recently upgraded my two OPNsense firewalls to 24.7 (running 24.7.8 to be precise).
On one the firewall dashboard widget works perfectly.
On the other (*very* busy FW - there are loads of logs available), the widget will endlessly display 'Waiting for data...'

I tried to compare the settings, and everything seems identical on the two setups, except that the one where the widget works is a 'normal' setup while the one where the widget does not work is a 'transparent filtering bridge' type setup.

Also noteworthy: All other visualizations concerning FW-related stuff like Insight or the Firewall:Log Files:Overview work perfectly on both systems.

Any ideas what I may be missing / how to get this to work?

Thanks,
Martin
#4
20.7 Legacy Series / inconsistent tunables?
December 27, 2020, 01:14:10 PM
Hi all,
I just noticed that the default settings for tunables do not seem to match:

net.inet.ip.redirect = 0

but

net.inet6.ip6.redirect = 1


Is there a reason for disabling redirects for IPv4 but not IPv6? Or are the tunables similar only in name but not in function (which would be bad too, I guess)?

Thanks,

Martin
#5
Hi there,

I noticed something weird when trying to prioritize ACK packets.
Selecting "tcp (ACK packets only)" in the proto drop-down results in almost all tcp traffic being matched.
Doing something similar in m0n0wall or even the firewall solution that shall not be named, did not result in comparable behavior.
Though, with those solutions I could (and did) specify the packet size to something very small so only empty ACKs were prioritized. That does not seem to be an option in the OPNsense shaper currently?

If "tcp (ACK packets only)" matches any packet having the ACK flag set, then that is not (to me at least) particularly useful...
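As an added example (not code from the post or from OPNsense), the script below builds a handful of constructed IPv4/TCP packets and runs two matchers over them: one that tests only the ACK flag, which is what the post describes the shaper doing, and one that accepts a bare acknowledgement only (ACK set, no SYN/FIN/RST, zero payload), which is the kind of segment worth prioritizing. Of the five sample segments, four carry the ACK flag but only one is an empty ACK. The packet layout (minimal 20-byte headers, zero checksums) is an assumption chosen to keep the example self-contained.

```python
"""Added example: ACK-flag matching versus empty-ACK matching.

All packets are constructed in this file; checksums are left at zero.
"""
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def build_ipv4_tcp(flags, payload=b"", src="10.0.0.1", dst="10.0.0.2",
                   sport=443, dport=51000):
    """Constructed IPv4 + TCP packet with 20-byte headers and no options."""
    total_len = 20 + 20 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_len, 0, 0, 64, 6, 0,
                         bytes(int(o) for o in src.split(".")),
                         bytes(int(o) for o in dst.split(".")))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def parse_tcp(pkt):
    """Return (tcp_flags, payload_len), honouring IP and TCP header lengths."""
    if pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    tcp = pkt[ihl:ihl + 20]
    data_off = (tcp[12] >> 4) * 4
    flags = tcp[13]
    return flags, total_len - ihl - data_off


def matches_ack_flag(pkt):
    """'ACK flag set': true for nearly every segment after the initial SYN."""
    flags, _ = parse_tcp(pkt)
    return bool(flags & ACK)


def is_empty_ack(pkt):
    """A bare acknowledgement: ACK set, no SYN/FIN/RST, and no payload."""
    flags, payload_len = parse_tcp(pkt)
    return bool(flags & ACK) and not (flags & (SYN | FIN | RST)) and payload_len == 0


# Constructed sample traffic: one segment of each kind seen in a normal download.
SAMPLE = {
    "syn": build_ipv4_tcp(SYN),
    "syn-ack": build_ipv4_tcp(SYN | ACK),
    "pure-ack": build_ipv4_tcp(ACK),
    "data": build_ipv4_tcp(PSH | ACK, b"x" * 1400),
    "fin-ack": build_ipv4_tcp(FIN | ACK),
}


def classify(packets=SAMPLE):
    """Map each sample name to (ack_flag_match, empty_ack_match)."""
    return {name: (matches_ack_flag(p), is_empty_ack(p)) for name, p in packets.items()}


if __name__ == "__main__":
    for name, (ackflag, empty) in classify().items():
        print(f"{name:9s} ack-flag-match={str(ackflag):5s} empty-ack-match={empty}")
```

The 1400-byte data segment is the important case: it has ACK set like every other segment of an established connection, so a flag-only rule drags bulk data into the priority queue, while the payload-length check keeps only the small acknowledgements. A packet-size ceiling, as the post describes for m0n0wall, approximates the same thing without parsing the headers.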
#6
20.1 Legacy Series / flowd not working after upgrade.
February 01, 2020, 09:50:17 PM
Hi all,

I upgraded a firewall from 19.7 to 20.1 yesterday.
The upgrade itself went well, but afterwards, flowd is not working.

The passage in config.xml:


    <Netflow version="1.0.1">
      <capture>
        <interfaces>lan,opt7,opt10,opt1,opt2</interfaces>
        <egress_only>opt1,opt2</egress_only>
        <version>v9</version>
        <targets>127.0.0.1:2056</targets>
      </capture>
      <collect>
        <enable>1</enable>
      </collect>
      <activeTimeout>1800</activeTimeout>
      <inactiveTimeout>15</inactiveTimeout>
    </Netflow>


/var/log/flowd.log is empty

and the flowd process has zero CPU usage despite running for hours and there being a lot of traffic:


gw01:~ # ps ax | grep flow
6611  -  Is      0:00.00 flowd: net (flowd)
57722  -  Is      0:00.00 flowd: monitor (flowd)


Reboots and deleting the flowd.log and /var/netflow/* files have not made a difference.

I have a very similar setup on another box where this still works even after the upgrade to 20.1

Any ideas what else to try?
#7
17.7 Legacy Series / [SOLVED] c-icap, clamav & size limit
September 19, 2017, 11:52:46 PM
Hi there,

Just saw the following on my firewall at home (OPNsense 17.7.3-amd64):
I have enabled c-icap, clamav and transparent squid (for SSL too) like detailed in the online manual.
What happened is that a large download (Xcode update on my Mac) was not bypassed but written to /var/tmp/CI_TMP_XXXX and filled up the disk completely. (The download in question is >5G in size.)
Should the configured size-limits for both c-icap and clamav not prevent this sort of thing?