Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Topics - juliocbc

#1
Portuguese - Português / Repositório Community
July 15, 2021, 03:06:20 PM
Pessoal,

Colocamos no ar nosso novo repositório community! Com ele agora é possível instalar plugins como o WebFilter 100% via WebGUI.

É totalmente gratuito e tem instruções disponíveis aqui: https://wiki.cloudfence.com.br/

Junto com este lançamento, já disponibilizamos a versão nova do Web Filter plugin, que está redesenhado e permite agora escolher qual blacklist se deseja usar.

Qualquer dúvida, basta responder a esta thread.

Abs!
#2
20.7 Legacy Series / SAD DNS Vulnerability
November 16, 2020, 08:47:15 PM
Have anyone tested OPNsense's resolvers?

https://www.saddns.net

I found something about DNSCrypt Proxy, but I'm not sure about yet...


https://github.com/DNSCrypt/dnscrypt-proxy/issues/1508
#3
Portuguese - Português / Novo Plugin SquidGuard
September 11, 2020, 02:33:42 AM
Para quem quiser testar: https://wiki.cloudfence.com.br/portugues/instalando-o-plugin

Não é mais necessário registro para fazer o download e testes.

Criei um P.R. para que possa se tornar um plugin oficial e desta forma possa evoluir com o projeto e no formato que a comunidade achar melhor.

P.R: https://github.com/opnsense/plugins/pull/2026
#4
Development and Code Review / SquidGuard - new plugin
September 11, 2020, 02:27:29 AM
SquidGuard based plugin.

Features:
User based rules;
Block websites based on categories;
Custom block pages;
RegEx based rules;
Install and usage:
Logged as root run: #curl https://community.cloudfence.com.br/webfilter/setup.sh -o /tmp/setup.sh ; sh /tmp/setup.sh

Alternative download link:

curl https://raw.githubusercontent.com/cloudfence/dev-packages/master/squidGuard-plugin-install.sh -o /tmp/setup.sh ; sh /tmp/setup.sh

After installed, you will need to download a squidGuard compatible blacklist:

Ex.: https://docs.opnsense.org/manual/how-tos/proxywebfilter.html (Step 2 / UT1 category based list)

1-On the WebUI go to: Services: Web Filter: General

2-Set it in the Blacklist Categories URL

3-Click in the Download Button: The download and build database process can take several minutes (depending on the hardware)

4-Enable Web Filter & click Apply

5-Managing rules: https://wiki.cloudfence.com.br/english/managing-rules

TODO
-Port the log viewer to the new OPNsense MVC standard

-Reset blacklist (remove and install it again)

-Multiple blacklists (maybe performance issues with - a lot testing needed!)

-Add groups support in rules; (port from Cloudfence plugin)

-Better frontend integration with Squid native (a.k.a WebProxy)

-Add custom rules to squid (bandwith controls, mime-types based rules, etc)

-Improve Frontend features and capabilities; (with community help!)

-Improve Documentation

-Beautify the code ;-) (I'm not a frontend guy, so please, be kind!)

PR: https://github.com/opnsense/plugins/pull/2026
#5
Squid is spawning too many pinger processes:

root@firewall:~ # ps fax | grep -w pinger | wc -l
     126


Is there a way to limit the number of processes?
#6
Is it possible to add custom HTTP Headers with a custom proxy_set_header directive?
#7
Hi!

I've connected one OPNsense (tried with 19.1.4 and 19.1.10_1) with a Dlink 1660 (NetDefendOS). The tunnel is up and functional, but a very strange behavior is happening after some connectios to a couple of webservers, that are connect to DLink UTM. The ICMP packets are passing by without problems, but the after a few successful HTTP connections, suddenly they starts to be blocked even with a pass any any rule in IPSec firewall rules. If I disable the packet filter (pfctl -d), the problem disappears, but with no firewall at all doesn't make any sense to proceed.

Anyone have experienced something like that? I confess that is very confusing, is looks like some kind wierd bug.
#8
Hello OPNsense community!

Today I've uploaded our webfilter plugin community version at our github. This plugin is a fork from a commercial version that we use in our firewall appliances platform, that runs smoothly in networks with some hundreds of users with active directory sync and windows SSO auth.

We've testing community version here (in some small networks) for 2 months and it's working pretty well! But now it's time to share it with the community so it can be tested and validated by our most exigent users! :-)

We have made a little manual to help the initial setup and usage: https://wiki.cloudfence.com.br

The source code is available at: https://github.com/cloudfence.

The main idea of this plugin is to be another one of the existing options and try to help some users from another platforms that are a little resistant to migrate to OPNsense (because they love the good and old squidguard) to finally have no excuses anymore to become OPNsense users  ::)

Let the downloads begin!
#9
Pessoal,

Nesta última semana disponibilizamos em conjunto com a equipe core do OPNsense um repositório brazuca para facilitar e acelerar o download/updates do OPNsense!

Na hora de fazer o download, em mirrors, escolham Brazil/Cloudfence:
#10
I didn't find the option in "System: High Availability: Settings" to do the config sync, am I looking in wrong place or it not yet implemented?
#11
Hi!

I've created this small script to put wazuh-agent to work together with OPNsense. It's working well in one of our environments, till now ;-)

Script:
https://github.com/cloudfence/opnsense-wazuh/blob/master/opnsense-ban.sh

The main idea is to ban an offensor IP address that is often is catch by the wazuh's active response feature.

If you are using OPNsense with Wazuh, I invite you to make some tests and let me know if it will work well for you too!

Installation instructions here: https://github.com/cloudfence/opnsense-wazuh/blob/master/README.md

#12
18.7 Legacy Series / IPSEC BiNAT - Migrating from pfS
February 21, 2019, 05:34:49 PM
Greetings from IPSec outerspace!  :)

I'm importing a config from an old pfsense with IPSEC Binat enabled, but when I try to create the NAT 1:1 rule, an error is show.

Scenario:
Local Network: 10.20.30.0/24
Translated Address (that is in SPD entry): 192.169.200.16/32

If the subnet mask are the same, the rule is created without problems, but like I've mentioned above, the existing config uses differents masks.

Am I missing something?

Attached the example rule and the error.

#13
Hi folks!

We're using a small piece of code to help us to convert from pfSense to OPNsense XML config file. It's still in a beta stage, but we're achieving good results with it.

There are known issues that should be corrected/improved. Contributors are very welcome!  ;)

https://github.com/juliocbc/shelland/blob/beta/pf2OPN-config.sh

Tested with XML files from pfSense 2.1.X and 2.2.X versions.
#14
18.7 Legacy Series / APU2 - PPPoE System crash
January 15, 2019, 05:49:57 PM
Hello!

I am experiencing a very weird behaviour with an APU:

Every time that the PPPoE interface cable is unplugged the system crashes!

I found this thread https://forum.opnsense.org/index.php?topic=5697.0 in the forums, but the solution doesn't fit to the our system (APU2 with OPN 18.7.10).

I've tried to disable ACPI, changed the gw monitor daemon (dpinger/apinger) and disabled suricata.

Any ideas?

dump:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x30
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff82652f83
stack pointer           = 0x28:0xfffffe01212f9960
frame pointer           = 0x28:0xfffffe01212f9990
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (dummynet)


#15
Hello!

We have a Captive portal implemented o top of a old pfsense firewall. The thing works with a custom php script (loaded with Captive Portal) that authenticate users in a external portal (API).

We want to change it to a OPNsense's firewall, someone here had implement something like a described above?

#16
Development and Code Review / APU LEDs Plugin
November 08, 2018, 03:16:10 AM
Hello!

I made a simple plugin to get APUs boxes more shiny!

https://github.com/cloudfence/dev-packages (plugin package)

https://github.com/cloudfence/apuled (plugin source code)

I've compiled the LED's module from this source code: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=189772

I know that isn't a good idea to put a binary (compiled) in a plugin package, but I don't know exactly how put this module with the plugin yet... maybe build a custom port and put it as plugin dependence... Anyway ideas are very welcome!

This initial version is not very useful yet... but it's a begining!
#17
Hello,

I've have some custom packages that don't show on Menu (Web UI) immediatelly after installation. I've noted if a reboot is done these menus loads OK. I was using those packages on 16.x versions, is there something that needed to be done on 18.7 to load the menus in Web UI?

I've noted that if I remove the cache file: /tmp/opnsense_menu_cache.xml solves the problem, but I want to do it in a "clean way"
#18
Olá pessoal!

Com intuito de nos conhecermos e integrar a comunidade de língua portuguesa do OPNsense, gostaria de saber de onde vocês são e se puderem fazer uma introdução da experiência de vocês com o OPNsense, seria legal!  8)
#19
Intrusion Detection and Prevention / IPS PPPoE Interface
September 20, 2018, 08:33:17 PM
Hi,

I've configured the IPS in two of my firewall interfaces, one a physical interface with static IP address and other with PPPoE. The physical interface I can see alerts as usual, but the PPPoE dont show any alerts.

p.s.: I've HIPS installed in the servers behind (NAT) of the PPPoE and a lot of alerts are showing up.

Anyone with the same problem?

Thanks!