Topics

1

22.7 Legacy Series / CrowdSec - Automatically created $crowdsec_blacklists floating rules

« on: January 02, 2023, 08:20:50 am »

G'day All,

Reading here https://homenetworkguy.com/how-to/install-and-configure-crowdsec-on-opnsense/ that "CrowdSec automatically creates floating rules to block all incoming IPv4/IPv6 malicious IP addresses". I can confirm that there are in fact two new floating rules... one for IPv4, the other for IPv6.

Any idea what interfaces these are applied to? Is it just "IN" on WAN or perhaps all non-LAN interfaces? (Specifically interested in CrowdSec here but in general is there a command I could use to review/verify other automatically generated rules as well?)

For the moment, I have created additional floating rules to cover my other external facing interfaces... but it would be nice to know whether they are actually necessary.

Thanks in advance!

2

20.1 Legacy Series / Unbound Custom Parameters

« on: April 10, 2020, 08:34:22 am »

G'day All,

Has been a while since I played with OPNsense. It has been running like a champ. However, I have recently updated to 20.1.4 and note that there has been some discussion on Unbound's Custom Options field regarding its [future] removal.

I've managed to swap over to mimugmail's unbound-plus, which has removed the need for one line from my custom options re DNS filtering (great job mimugmail).

However, at the risk of looking like an idiot, I'm hoping someone can tell me where my other few lines need to be 'moved' to in order to clear the custom options while retaining the same functionality. Hopefully simple and obvious to one of the in-house experts!

Code: [Select]

server:private-address: 127.0.0.0/8
## include:/var/unbound/blacklist.conf
local-data: "local.lan. 10800 IN SOA opnsense.local.lan. root.local.lan. 1 3600 1200 604800 10800"
Thanks in advance,
Guv

P.s. Is # the correct way to comment out the custom options??


 

3

General Discussion / Update from gui/cli

« on: July 15, 2018, 11:16:41 am »

Kinda in the vein of the recent thread: https://forum.opnsense.org/index.php?topic=9096.0

I'm finding that my most recent updates were not possible from the gui (but were fine via cli & console command #12). Additionally, when the updates were completed, they did not show in the gui list of previous updates. Should they? Last update shown is 18.1.10, I am currently running 18.1.12

On the latest update I note the following error message (via console command #12):

Code: [Select]

Fetching change log information, please wait... fetch: transfer timed out
fetch: /tmp/changelog/changelog.txz.sig appears to be truncated: 0/1332 bytes
I am also getting the common gui update message "Firmware status check was aborted internally. Please try again." but this only started recently - could it be related?

Also out of interest;

Code: [Select]

root@OPNsense:~ # pkg info | wc -l
     144
root@OPNsense:~ # pkg update -f
Updating OPNsense repository catalogue...
Fetching meta.txz: 100%    1 KiB   1.5kB/s    00:01   
Fetching packagesite.txz: 100%  135 KiB 138.1kB/s    00:01   
Processing entries: 100%
OPNsense repository update completed. 506 packages processed.
All repositories are up to date.
root@OPNsense:~ # pkg upgrade -n
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (16 candidates): 100%
Processing candidates (16 candidates): 100%
Checking integrity... done (0 conflicting)
Your packages are up to date.
Following on from that previous thread https://forum.opnsense.org/index.php?topic=9096.0, this install is running on ESXi 6.5.0 Update 2 (Build 8294253). Franco's last comment on that thread was that their difficulties were to do with an ESXi 6.7 update. Anyone have the details of what was changed (LRO/TSO settings?) - it is possible that the same change was made to this recent 6.5 build...

Any insights appreciated!