Topics

After upgrading to the latest version
OPNsense 25.1.9-amd64
FreeBSD 14.2-RELEASE-p3
OpenSSL 3.0.16
In the intrusion detection, the user's customization of the IP address has automatically changed from blocking to warning. The continuous attack I set to block and the scanning of my IP address are all unimpeded.
My God, this problem has happened before, I don't know how many times it will happen.

---------------

The official version can be reproduced as follows:
Copy a rule a in a user-defined rule, and then modify the IP address to be blocked into another rule a. After saving and taking effect, check whether these two rules a and b have changed from the original blocking to warning.

thanks...

Versions
OPNsense 25.1.5_5-amd64
FreeBSD 14.2-RELEASE-p2
OpenSSL 3.0.16

Services => Intrusion Detection => administration => Alerts

It is blank and the specific content cannot be viewed.

I woke up to see if there is an update I am looking forward to, 25.1.2... I am really lucky, there is a notification that it is coming.
After reading all the update prompts and making backups, I have to say goodbye to 24.7 (I will miss you), and bravely click the update button. The first step is to update to 25.1, and then to 25.1.2. The process is very smooth, and there are no problems on 3 machines, a Dell, a PVE VM, and a small host the size of a palm.
The login interface has also been updated. After entering the system, there will be a prompt at the top. If a crash is found, send feedback on the crash information, which can be regarded as providing a little insignificant help. After restarting again, the error prompt disappears.
It has been running normally for 2 hours, and everything is normal.
Thanks to the hard work of the developers. Since the launch of 25.1, it can be seen that there are still many feedbacks on problems. The pressure must be great.
I wish you all a happy weekend.

It can be seen that there are many problems after the update, and it can also be seen that the official is trying its best to fix various problems. This is just a post of pure thanks and encouragement.
Thank you for a group of people in this online world who are not afraid of difficulties and can be called heroes.
As a user for many years, I can quietly wait for a version with fewer problems, perhaps 25.1.2.
Drink a cup of coffee, wait for 1 month, and then you can deal with other things.
I also admire the users who dare to try new things and report the problems to the official for solution.
24.7 is currently the most stable version. Keep using it, a strong tiger.

Intrusion Detection => Strategy => There are too many entries. Is it possible to have an option of ALL under each category? It is really frustrating to have to choose one by one under each entry. I feel like I am holding a stone to prepare for defense.

I have been reported by Maltrail for a lot of dirty IP access and scanning reported by abuseipdb.com. But I don't know how to integrate abuseipdb.com's IP List into opnsense to block these annoying IPs. Is there any good way to do this? :'(

In setup, I cannot change the settings of interfaces. When I clicked set security zone, I added or deleted status (such as WAN), and after confirming, I clicked restart. However, the deleted status settings reappeared. I tried many times but it didn't work.  :P

It's easy under ROS, just write a script.

If you want to suspend the use of a certain network card at a fixed time and make the network card invalid. Set another time to restore the use of this network card. Meet the need to control network connections. How to implement this function.

在ROS 下很容易，写个脚本就可以。

如果想在一个固定的时间，暂停某块网卡的使用，让这个网卡失效。再设定一个时间，恢复这块网卡的使用。达到控制网络连接的需要。这个功能，要如何实现。

Looking at the many questions in the forum, what I encountered was that the WAN would lose the link within a day.
I chose to fall back to 22.7.8. Waiting for the next major version update.
The 22.7 series is really a lot of tribulations.

I would like to suggest that the official launch of a function: similar to the function of Fail2ban, or cooperate with it. Realized function: When the set number of wrong attempts is exceeded, the IP will be added into a list, and it will be blocked, or the connection will be prohibited for a set period of time. I don't know if such a function is expected by everyone.
The problem now is that some junk ip is constantly scanning and trying. Every day, every hour, it is really disgusting to see. Even if you add a blacklist to the firewall and add major blacklists to Intrusion Detection and Prevention. But in Maltrail, some IPs are constantly doing nasty things.
Not sure if I made my point. Please understand.

OPNsense 22.7.7_1-amd64
FreeBSD 13.1-RELEASE-p3
OpenSSL 1.1.1s 1 Nov 2022

OPNsense 22.7.7_1-amd64 has just been upgraded. everything is normal. Can't use or can't use. Still usable. Just 1 hour ago, there are new discoveries, and I will report again.

=================

unusable： CrowdSec

 :'( :'( :'(

After updating to the latest version, only 2 days later, 16GB of memory can no longer meet the requirements. SWAP has already used 1GB.

The main ones are suricata and maltrailserver. This is also the 2 functions that I have to use.

It used to last for 1 week before overflowing. Started 1 day now. Ask the boss to control this problem. Thank you thank you.

Just upgraded to the latest version.

OPNsense 22.7.5-amd64
FreeBSD 13.1-RELEASE-p2
OpenSSL 1.1.1q 5 Jul 2022


Can't use it, still can't use it.   ：=>  CrowdSec

Everything works fine.

Thanks Opensense Team.  Nice Team.

OPNsense 22.7.4-amd64
FreeBSD 13.1-RELEASE-p2
OpenSSL 1.1.1q 5 Jul 2022

After restarting and using it for about 3 days, the 16GB memory can no longer meet the demand. SWAP is already using over 400 MB, which is kind of frustrating, seems to have just been fixed in the last version. Please check it out.

OPNsense 22.7.3_2-amd64
FreeBSD 13.1-RELEASE-p2
OpenSSL 1.1.1q 5 Jul 2022

I rebooted after installation.

maltrailserver  CrowdSec  Show me the big red square, is this too tired?   ;D

The Intel network card cannot work in full-duplex mode. In half-duplex mode, there are errors in both incoming and outgoing.

Just upgraded to the latest version：
OPNsense 22.7.2-amd64
FreeBSD 13.1-RELEASE-p1
OpenSSL 1.1.1q 5 Jul 2022
----------------------------------------

There was no problem before, I will give feedback and hope to get attention. Currently in half-duplex mode, it can still be used, but there will be packet errors.

network card that can be used normally



Full-duplex can be used before, but now only half-duplex network cards can be used.



There will be packet errors


;D ;D ;D

 :)   OPNsense 22.1.7_1
Yes. After waiting for a few months, I saw that the version has been iterated to OPNsense 22.1.7_1. Also seeing fewer and fewer questions in the forums, I finally gathered up the courage and clicked the update button. . . In this process, the download file part is not a success. I have done it several times. Fortunately, every update will download a part of the file, and in the subsequent update, it can be used. After 3 update operations, all the files are finally successfully downloaded. After shiveringly pressing OK, after several reboots. Finally upgraded to OPNsense 22.1.7_1. Today is the third day, and it seems that everything has exceeded my expectations. The previous memory leak problem does not seem to have occurred. Maybe in a few days, I'll come back and update this for everyone. I wish you all the best too.
cheers
To the bosses of opnsense. ;D

I sincerely suggest that the official should do enough testing before considering whether to release it as a production version.
Switching to Ver 13 brings with it the sheer number of issues it's daunting. Let me keep the good OPNsense 21.7.8-amd64 until 22.7 comes along.
But I also see good news, the official hardware 850 is finally in stock. ;D