Topics - yourfriendarmando

1
General Discussion / os-theme-cicada v1.36 harder to read
« on: July 30, 2024, 08:07:14 am »
Hi All

I wanted to reach out and discuss the Cicada theme, which is a gorgeous dark mode of the stock theme.

I thought the screen brightness was more dim than usual, however, I am finding reading text a little harder unless I cut out more light in the room.

The change happened on package os-theme-cicada version 1.36, from 1.35.

It feels like the brightness was affected globally, or like an alpha blending of 0.70 was applied against black as the background. I am not a huge fan of the graphics being all around darker, however, can we make the text a bright white, or at least like in 1.35?

Screenshots attached of BE edition (1.35) and CE 24.1.10_8 (1.36). Not shown, but applies to CE 24.7.0_5 too.

Thanks

YFA

2
General Discussion / Comcast: Issues with their Business router
« on: December 24, 2023, 11:21:56 pm »
Hello

Is anyone else having more than the usual issues with Comcast and its "Business" Router (CBR)?

Initially, I thought the most recent update for Opnsense Business was the problem. I switched to CE with no difference. I believe the issue was exposed when the firewall rebooted.

I tried the USB tethering on my phone and assigned it to WAN with success. If that had not worked I would have tried a spare router with Opnsense CE on it.

This is not a problem for clients, and myself, using Motorola MB8600 modems.

The issues are coming up for those using OpnBE/CE with one of the Comcast Business routers, like the standing model or flat box variations with the corners cut (enjoying the irony). I think all of my clients have the Technicolor brand.

Before leaving on holiday, I was able to fix two clients without having to switch to plain modem. Luckily two are paying for a static IP. On the CBR, I had to switch from Basic Bridge Mode to its normal unbridged mode.

I followed an article to at least shut down as many of the functions on their CBR, like WiFi, firewall etc.

https://forums.businesshelp.comcast.com/conversations/equipment/true-bridge-mode-vs-passthrough-mode/5fe0a58dc5375f08cd7d88fe

This is fine enough for me for my clients with a static IP, however, another affected client has the same OpnBE and CBR combination, but with no static IP. The Opn firewall no longer gets a world IP address, just a local IP on the 10.1.10.0/24 subnet.

Have others been able to get CBR to behave properly with Opnsense when no static IP is available?

Will I live and breathe better if I just switch each of my non static IP clients to a cable modem?

I'm afraid my clients yet unaffected are just sitting on a time bomb. As soon as the equipment has a reason to reboot, or has its power interrupted, boom.

Thoughts, tips, rants, success stories? I lost several hours finding out and figuring out at least something, just before leaving on my trip.

3
Tutorials and FAQs / Favorite Aliases
« on: September 07, 2023, 10:24:51 am »
Hi All

Does anyone have any favorite aliases they use frequently with installations?

Here are some of mine:
firewall_forward_service_port
  53
  123

firewall_localhost
  ::1
  127.0.0.1

firewall_mgt_ports
  22
  80
  443
  8022
  8443
 
firewall_vpn_port

incoming_agrp                          (Group different types to allow SSH, VPN access etc.)
  incoming_asn                         (Specify ASNs for cell net, ISP)
  incoming_host                        (Specify DynDNS hosts)
  incoming_nets                       
                                       
incoming_countries_allow               (Useful for a travel plan)
                                       
link_local                             (Caught once crossing interfaces, made a floating rule to prevent this)
  169.254.0.0/16
  fe80::/10
  ff02::/16
 
local_net_agrp                         (Includes ipv6 of your nets to ensure dual allow/block in rules)
  __x_network
  __y_network
  __z_network
  local_net_nets

local_net_nets                         (Local non-routable networks)
  fe80::/10
  10.0.0.0/8
  172.16.0.0/12
  192.168.0.0/16

outgoing_countries_exception_agrp      (Pierce a strict country restriction rule)
  outgoing_countries_exception_asns
  outgoing_countries_exception_hosts
  outgoing_countries_exception_nets

outgoing_countries_exception_asns
  15149
  32934

outgoing_dangerous_countries
outgoing_dangerous_ports               (Useful for blocking links to ports on the internet)
  20:26
  53
  69
  110:111
  123
  135:139
  161:162
  389
  445
  512:514
  873
  1433
  1521
  2049
  3306
  3389
  5000
  5432
  5900:5910
  6379
  6660:6669
  27017:27018


voip_agrp_port                         (Group together various VoIP for high priority rule)
  voip_tmo_port
  voip_zoom_port
  voip_whatsa_port     

voip_tmo_port
  143
  500
  993
  4500
  5061   
 
voip_whatsa_port
  3478
  5222
  40020
  57923

voip_zoom_port
  5091
  3478:3479
  8801:8810

4
Development and Code Review / Nice to have: Live View in Audit log like in Firewall log?
« on: January 21, 2022, 11:00:50 pm »
Would it be possible to have a live view of the audit log similar to the Firewall live log view with filters and templates? I wouldn't mind it refreshing itself on a filter such as 'not auth' to catch any failed login attempts to the firewall or openVPN.

Just signed up a 4th client on another 3-year subscription

Thank you and happy 2022

5
20.7 Legacy Series / SSH Advanced settings
« on: March 20, 2021, 06:45:17 am »
Hello

I'm a proud recent subscriber of opnSense Business and loving it. I was curious to see if there is a possibility of adding an open field setting to add additional settings in the SSH configuration.

I know this use case exceeds that of a firewall, however, if possible to shape some access some of the users have such as whether they can open local or remote port forwards, restricting use of sftp, etc. such as with the match condition.

Hopefully an open field is easier to implement than dynamic parsed fields.

Thank you, just a nice to have request
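
As an added illustration of the request above (not part of the original post, and not an existing OPNsense setting): the kind of per-user restrictions that OpenSSH `Match` blocks express in `sshd_config`. The group names, the chroot path and the 192.0.2.10 address are hypothetical.

```conf
# Global defaults: nothing is forwarded unless a Match block below allows it.
AllowTcpForwarding no
AllowAgentForwarding no
X11Forwarding no
PermitTunnel no

# In-process SFTP server, so it keeps working inside a chroot.
# (Replaces any existing "Subsystem sftp" line; it may be defined only once.)
Subsystem sftp internal-sftp

# Match blocks go at the end of the file: each one applies until the next
# Match line or end of file.

# Hypothetical group "sftponly": file transfer only, no shell, no forwards.
# The chroot directory must be owned by root and not writable by others.
Match Group sftponly
    ForceCommand internal-sftp
    ChrootDirectory /home/sftp/%u
    AllowTcpForwarding no

# Hypothetical group "jump": local (-L) forwards only, to one destination.
Match Group jump
    AllowTcpForwarding local
    PermitOpen 192.0.2.10:443
    PermitTTY no

# Hypothetical group "revtunnel": remote (-R) forwards only, and only a
# loopback listener on one port.
Match Group revtunnel
    AllowTcpForwarding remote
    PermitListen 127.0.0.1:8022
    PermitTTY no
```

Running `sshd -t` checks the file for syntax errors before the daemon is reloaded.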
