Topics

1

General Discussion / Difficulty Applying Firewall Rules for Network alias for my custom app filter

« on: November 25, 2024, 10:19:03 am »

Hi Guys,

I’ve developed an application filter that utilizes ntop's network analytics to dynamically populate IPs based on the network interface, then assign these IPs to the corresponding pfTable. In my firewall rules, I block the alias at the destination while using the intended interface from ntop as the source. While the solution works, it’s slower than expected, and I’m still optimizing the rule for faster performance. Any suggestions to improve the speed of blocking the application access more promptly would be appreciated.

The issue arises when I try to apply the rule to a specific network alias, such as restricting access for a particular subnet. I’m unable to create a rule that restricts only that specific network alias while maintaining the application filtering logic. I would appreciate any guidance on how to achieve this functionality or optimize my current approach.

Thanks in advance,
VivekSP

2

General Discussion / Missing .crt Download Option in CA Management (OPNsense 24.7)

« on: November 08, 2024, 08:31:33 am »

I've recently migrated a user’s device to OPNsense 24.7 and noticed that the CA management interface has transitioned from legacy code to MVC. While generating a certificate, I can’t seem to find the option to download the .crt file, which was available in previous versions. This is critical for his setup as we rely on accessing the .crt for distribution and further integration.

I've checked available documentation from OPNsense and Zenarmor, but they all reference the older interface where the .crt download option is still mentioned. Have I missed an alternative method for downloading the certificate in 24.7, or is this functionality being updated in an upcoming release?

If there are any new best practices or workflows for managing certificates with this update, I’d appreciate any guidance or references.

Best,
VivekSP

3

General Discussion / Trouble in Unbound with Blocking Persistence

« on: September 16, 2024, 06:16:00 am »

Hello,

I am attempting to block specific websites using Unbound. However, when I block web such as WhatsApp or YouTube, the restrictions persist even after I clear all policies in the DNSBL and flush the state table. The blocked services only resume functioning after a few hours.

Could you please advise if there might be an error in my procedure, or suggest a method to expedite the process?

Thank you.

4

General Discussion / How to Dynamically Visualize IDPS and C-ICAP Logs on the New Dashboard?

« on: August 16, 2024, 07:39:50 am »

Hey everyone,

I'm really impressed with the new dashboard, and I've been working on visualizing the IDPS and C-ICAP logs by adding two new widgets. I've already created static charts for this, but now I'm looking to make these charts dynamic, updating in real-time with the system's counters for malware, trojans, viruses, etc., detected.

Does anyone have any suggestions on how I can pull this data from logs or any other sources to feed into these charts? Any hints or tips on the best approach to achieve this would be greatly appreciated!

Thanks in advance!

5

General Discussion / Creating Domain-Specific Policies with OPNproxy

« on: August 07, 2024, 08:40:19 pm »

Hi everyone,

I've recently upgraded my OPNsense setup to version 24.7 and have been exploring the default policies for OPNproxy. I noticed that the content filtering options are organized by categories in a dropdown menu. However, I'm interested in creating policies for specific domains, such as applying a policy specifically to Facebook, rather than using broader categories like "social-media."

Is there a way to achieve this level of granularity with the current OPNsense version? If not, is there another solution or approach to accomplish domain-specific policies?

Thank you in advance for your help!

Best regards,
VivekSP

6

General Discussion / Captive Portal: Issues, User logout not working

« on: August 05, 2024, 10:17:19 am »

Hi,

recently I upgraded my opnsense 24.1 firewall to 24.7, few issues I noticed while using the Captive portal are:

1. The user is logged in after submitting the form, though you must refresh the page manually. Otherwise, you wont see the logged-in user and logout button

2.  Logout button not working. When I tried to logout the user from the UI of <IP>:8000, The logout button doesn't work. User sessions remains continue.


Am I the only one facing these issues? Looking for a resolution.

Thanks,
Vivek

7

Web Proxy Filtering and Caching / Error while starting squid

« on: July 29, 2024, 07:30:50 am »

Hii,

I faced this following error while trying to start the squid service. Can anyone tell how can I resolve this issue ?
Find the screenshot here:

https://ibb.co/6rhqfPj

Code: [Select]

http://proxy load error
template reload Deciso/Proxy: OK
template reload OPNsense/ProxySSO: OK
Starting squid.
CPU Usage: 6.433 seconds = 6.276 user + 0.157 sys
Maximum Resident Size: 1354512 KB
Page faults with physical i/o: 0
2024/07/29 06:21:03| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2024/07/29 06:21:03| Starting Authentication on port 127.0.0.1:3128
2024/07/29 06:21:03| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2024/07/29 06:21:03| Starting Authentication on port [::1]:3128
2024/07/29 06:21:03| Disabling Authentication on port [::1]:3128 (interception enabled)
2024/07/29 06:21:10| Processing Configuration File: /usr/local/etc/squid/pre-auth/20-negotiate.auth.conf (depth 1)
2024/07/29 06:21:10| Processing Configuration File: /usr/local/etc/squid/pre-auth/40-snmp.conf (depth 1)
2024/07/29 06:21:10| Processing Configuration File: /usr/local/etc/squid/pre-auth/dummy.conf (depth 1)
2024/07/29 06:21:10| Processing Configuration File: /usr/local/etc/squid/pre-auth/parentproxy.conf (depth 1)
2024/07/29 06:21:10| ERROR: ACL not found: Safe_ports
2024/07/29 06:21:10| Not currently OK to rewrite swap log.
2024/07/29 06:21:10| storeDirWriteCleanLogs: Operation aborted.
2024/07/29 06:21:10| FATAL: Bungled /usr/local/etc/squid/squid.conf line 85: http_access deny !Safe_ports
2024/07/29 06:21:10| Squid Cache (Version 6.10): Terminated abnormally.
/usr/local/etc/rc.d/squid: WARNING: failed to start squid
Looking forward for a resolution.

Thanks
VivekSP

8

General Discussion / Adding New charts to New dashboard and getting the dynamic data

« on: July 01, 2024, 02:28:27 pm »

Hi,

As I cannot upgade my system to 24.7 sooner as it will require a restart when it will be available, yet I want the beautifully made new dashboard on my opnsense fw, I have updated my firewall with the static new dashboard from dashboard branch and I was trying to make it dynamic from writing new APIs from controllers with reference from master branch, still I am not able to get it properly.

Also do guide on adding the new charts for 1. clamAV Logs 2. Squid Logs 3. Suricata logs.

Thanks,
Vivek



Thanks,
Vivek

9

General Discussion / Seeking Guidance on Integrating OWASP Principles into OPNsense Firewall

« on: May 28, 2024, 02:17:58 pm »

Hi there,

I am interested in integrating OWASP principles into my OPNsense firewall setup. Specifically, I am looking for advice or best practices on how to:

./Implement rules or configurations in OPNsense that align with OWASP recommendations.
./Utilize OPNsense features or plugins to mitigate the risks identified in the OWASP Top 10.
./Leverage any available tools or scripts that facilitate the incorporation of OWASP security measures in OPNsense.
./Set up logging and monitoring within OPNsense to detect and respond to the security threats outlined by OWASP.

I believe that by aligning OPNsense with OWASP's best practices, we can significantly enhance the security posture of our web applications and infrastructure.

If any community members have experience or insights on this topic, your guidance would be greatly appreciated. Additionally, if there are any existing resources, or documentation that could assist in this endeavor, kindly point me in the right direction.

Thank you for your time and assistance.

Best regards,
VivekS

10

General Discussion / Limited Group Visibility in Alias Creation with OpenVPN

« on: March 29, 2024, 10:02:05 am »

Hello,

I've been working on setting up an alias with the OpenVPN group, but it seems that only two groups are being displayed, and one of them is "admins." Upon inspecting the code, I found that the API /api/firewall/alias/list_user_groups is returning only these two user groups.

I'm curious as to why this is happening. Is there a reason why other groups aren't appearing? Do you have any suggestions on how I can ensure that all relevant groups are included? Alternatively, do you know if there's a way to modify this API to fetch additional groups?

Thank you for your assistance.

Best regards,
Vivek

11

General Discussion / Custom message in Shell.

« on: January 05, 2024, 09:37:32 am »

Hii,
I was trying to edit and add a custom message to /sbin/nologin shell. From where can I edit this file so that I can get my desired message on the script in ISO? In general, from where do scripts for the Shells are being generated? Kindly help me with this.
Thanks in advance!

12

General Discussion / Aborted Version error in building OPNsense img

« on: October 18, 2023, 02:32:36 pm »

Hii,
I was trying to build an iso with adding a custom plugin into to the plugins repository but somehow my build is giving error in make ports which says "Aborted Version"(Also shown in img below). Please help me resolve this.

Thanks,
Vivek


https://ibb.co/jL2Kk63

13

General Discussion / plist error while adding custom files in the core

« on: October 09, 2023, 07:28:38 am »

Hi,

I have been trying to add some custom php files in the core. But getting plist error while building the iso.
I cloned the tools and then make update. I added the files in the core then did make plist-fix. Then I started make dvd
still getting this error. Please help me on how can I add custom files in the build ISO.

https://ibb.co/88fcDmt

Thank You !

14

General Discussion / Integrating analytical and visualisation dashboard of Elasticsearch7 and kibana

« on: September 30, 2023, 06:35:28 am »

Hii,

I have a requirement to include elasticsearch7 and kibana dashboard visualisation in opnsense firewall, is there any possible way to do this in the same platform, also I need to pre-include this in the dvd iso. Please guide me on this. any reference would be a lot of help.

Thanks,
Vivek

15

General Discussion / Can we Integrate pfelk during build

« on: September 29, 2023, 12:59:35 pm »

Hii,
I was trying to integrate pfelk in opnsense at the time of build, Kindly help or guide me on how I can achieve this.

Thanks,
vivek