Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - juliocbc

Pages: [1] 2

Portuguese - Português / Repositório Community

« on: July 15, 2021, 03:06:20 pm »

Pessoal,

Colocamos no ar nosso novo repositório community! Com ele agora é possível instalar plugins como o WebFilter 100% via WebGUI.

É totalmente gratuito e tem instruções disponíveis aqui: https://wiki.cloudfence.com.br/

Junto com este lançamento, já disponibilizamos a versão nova do Web Filter plugin, que está redesenhado e permite agora escolher qual blacklist se deseja usar.

Qualquer dúvida, basta responder a esta thread.

Abs!

20.7 Legacy Series / SAD DNS Vulnerability

« on: November 16, 2020, 08:47:15 pm »

Have anyone tested OPNsense's resolvers?

https://www.saddns.net

I found something about DNSCrypt Proxy, but I'm not sure about yet...

https://github.com/DNSCrypt/dnscrypt-proxy/issues/1508

Portuguese - Português / Novo Plugin SquidGuard

« on: September 11, 2020, 02:33:42 am »

Para quem quiser testar: https://wiki.cloudfence.com.br/portugues/instalando-o-plugin

Não é mais necessário registro para fazer o download e testes.

Criei um P.R. para que possa se tornar um plugin oficial e desta forma possa evoluir com o projeto e no formato que a comunidade achar melhor.

P.R: https://github.com/opnsense/plugins/pull/2026

Development and Code Review / SquidGuard - new plugin

« on: September 11, 2020, 02:27:29 am »

SquidGuard based plugin.

Features:
User based rules;
Block websites based on categories;
Custom block pages;
RegEx based rules;
Install and usage:
Logged as root run:

Code: [Select]

#curl https://community.cloudfence.com.br/webfilter/setup.sh -o /tmp/setup.sh ; sh /tmp/setup.sh
Alternative download link:

Code: [Select]

curl https://raw.githubusercontent.com/cloudfence/dev-packages/master/squidGuard-plugin-install.sh -o /tmp/setup.sh ; sh /tmp/setup.sh

After installed, you will need to download a squidGuard compatible blacklist:

Ex.: https://docs.opnsense.org/manual/how-tos/proxywebfilter.html (Step 2 / UT1 category based list)

1-On the WebUI go to: Services: Web Filter: General

2-Set it in the Blacklist Categories URL

3-Click in the Download Button: The download and build database process can take several minutes (depending on the hardware)

4-Enable Web Filter & click Apply

5-Managing rules: https://wiki.cloudfence.com.br/english/managing-rules

TODO
-Port the log viewer to the new OPNsense MVC standard

-Reset blacklist (remove and install it again)

-Multiple blacklists (maybe performance issues with - a lot testing needed!)

-Add groups support in rules; (port from Cloudfence plugin)

-Better frontend integration with Squid native (a.k.a WebProxy)

-Add custom rules to squid (bandwith controls, mime-types based rules, etc)

-Improve Frontend features and capabilities; (with community help!)

-Improve Documentation

-Beautify the code ;-) (I'm not a frontend guy, so please, be kind!)

PR: https://github.com/opnsense/plugins/pull/2026

Web Proxy Filtering and Caching / too many pinger processes - High CPU Load

« on: July 10, 2020, 10:06:00 pm »

Squid is spawning too many pinger processes:

Code: [Select]

root@firewall:~ # ps fax | grep -w pinger | wc -l
     126

Is there a way to limit the number of processes?

Web Proxy Filtering and Caching / Re: NGINX Custom Headers [SOLVED]

« on: April 02, 2020, 08:26:12 pm »

Is it possible to add custom HTTP Headers with a custom proxy_set_header directive?

19.1 Legacy Series / [SOLVED] IPSec Site to Site - Blocking packets

« on: September 18, 2019, 05:54:34 am »

Hi!

I've connected one OPNsense (tried with 19.1.4 and 19.1.10_1) with a Dlink 1660 (NetDefendOS). The tunnel is up and functional, but a very strange behavior is happening after some connectios to a couple of webservers, that are connect to DLink UTM. The ICMP packets are passing by without problems, but the after a few successful HTTP connections, suddenly they starts to be blocked even with a pass any any rule in IPSec firewall rules. If I disable the packet filter (pfctl -d), the problem disappears, but with no firewall at all doesn't make any sense to proceed.

Anyone have experienced something like that? I confess that is very confusing, is looks like some kind wierd bug.

Development and Code Review / Web Filter plugin (squidguard)

« on: August 03, 2019, 04:01:23 pm »

Hello OPNsense community!

Today I've uploaded our webfilter plugin community version at our github. This plugin is a fork from a commercial version that we use in our firewall appliances platform, that runs smoothly in networks with some hundreds of users with active directory sync and windows SSO auth.

We've testing community version here (in some small networks) for 2 months and it's working pretty well! But now it's time to share it with the community so it can be tested and validated by our most exigent users! :-)

We have made a little manual to help the initial setup and usage: https://wiki.cloudfence.com.br

The source code is available at: https://github.com/cloudfence.

The main idea of this plugin is to be another one of the existing options and try to help some users from another platforms that are a little resistant to migrate to OPNsense (because they love the good and old squidguard) to finally have no excuses anymore to become OPNsense users

Let the downloads begin!

Portuguese - Português / Novo MIRROR Brasileiro - Downloads/Updates

« on: August 03, 2019, 02:58:37 pm »

Pessoal,

Nesta última semana disponibilizamos em conjunto com a equipe core do OPNsense um repositório brazuca para facilitar e acelerar o download/updates do OPNsense!

Na hora de fazer o download, em mirrors, escolham Brazil/Cloudfence:

General Discussion / nginx plugin - High Availability

« on: May 22, 2019, 01:53:33 pm »

I didn't find the option in "System: High Availability: Settings" to do the config sync, am I looking in wrong place or it not yet implemented?

Development and Code Review / Wazuh Agent integration - call for tests

« on: May 21, 2019, 11:32:05 pm »

Hi!

I've created this small script to put wazuh-agent to work together with OPNsense. It's working well in one of our environments, till now ;-)

Script:
https://github.com/cloudfence/opnsense-wazuh/blob/master/opnsense-ban.sh

The main idea is to ban an offensor IP address that is often is catch by the wazuh's active response feature.

If you are using OPNsense with Wazuh, I invite you to make some tests and let me know if it will work well for you too!

Installation instructions here: https://github.com/cloudfence/opnsense-wazuh/blob/master/README.md

18.7 Legacy Series / IPSEC BiNAT - Migrating from pfS

« on: February 21, 2019, 05:34:49 pm »

Greetings from IPSec outerspace!

I'm importing a config from an old pfsense with IPSEC Binat enabled, but when I try to create the NAT 1:1 rule, an error is show.

Scenario:
Local Network: 10.20.30.0/24
Translated Address (that is in SPD entry): 192.169.200.16/32

If the subnet mask are the same, the rule is created without problems, but like I've mentioned above, the existing config uses differents masks.

Am I missing something?

Attached the example rule and the error.

Development and Code Review / Script to convert pfSense config XML to OPNsense

« on: January 16, 2019, 04:19:12 pm »

Hi folks!

We're using a small piece of code to help us to convert from pfSense to OPNsense XML config file. It's still in a beta stage, but we're achieving good results with it.

There are known issues that should be corrected/improved. Contributors are very welcome!

https://github.com/juliocbc/shelland/blob/beta/pf2OPN-config.sh

Tested with XML files from pfSense 2.1.X and 2.2.X versions.

18.7 Legacy Series / APU2 - PPPoE System crash

« on: January 15, 2019, 05:49:57 pm »

Hello!

I am experiencing a very weird behaviour with an APU:

Every time that the PPPoE interface cable is unplugged the system crashes!

I found this thread https://forum.opnsense.org/index.php?topic=5697.0 in the forums, but the solution doesn't fit to the our system (APU2 with OPN 18.7.10).

I've tried to disable ACPI, changed the gw monitor daemon (dpinger/apinger) and disabled suricata.

Any ideas?

dump:

Code: [Select]

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x30
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff82652f83
stack pointer           = 0x28:0xfffffe01212f9960
frame pointer           = 0x28:0xfffffe01212f9990
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (dummynet)

Development and Code Review / Captive Portal with external authentication

« on: November 20, 2018, 11:13:13 pm »

Hello!

We have a Captive portal implemented o top of a old pfsense firewall. The thing works with a custom php script (loaded with Captive Portal) that authenticate users in a external portal (API).

We want to change it to a OPNsense's firewall, someone here had implement something like a described above?

Pages: [1] 2