Messages

16

General Discussion / Re: Blocking custom list of websites

« on: January 04, 2020, 12:43:53 am »

Thanks. Didn't know about that plug-in. I installed it and I will see how it goes from here.

17

19.7 Legacy Series / Re: GEOIP stopt working

« on: January 03, 2020, 10:49:52 pm »

I didn't see any invoicing. Already got my key, waiting for the OPNsense update now

18

19.7 Legacy Series / Re: GEOIP stopt working

« on: January 03, 2020, 09:57:24 pm »

So I assume this explains why I have US IP's being blocked when my rule states to block any country that is not US. So I guess I need to update the firewall and get the Maxmind account rollin'

Oh my 19.7.9 is not out yet. Better temporary disable my GEOIP rule.

19

General Discussion / Blocking custom list of websites

« on: January 02, 2020, 09:04:52 pm »

At wits end. Read every post I could find and still cannot block a list (alias) of websites.
Tried a LAN and a floating rule, didn't work.
Tried Web proxy, didn't work.
Problem with the proxy approach is I could not get a custom blacklist to be recognized. The official ones work fine.
I even tried coping an official blacklists.tar.gz to my web server and no categories showed up. Didn't work.

So what is the best way to block just 10-15 websites with all the subdomains included?
By the way, some of these websites are HTTPS

20

Intrusion Detection and Prevention / Re: Suricata memory crash

« on: October 15, 2019, 11:55:03 pm »

All is working with the update to Suricata 4.1.5. There was a reported memory leak with the previous version. FYI

21

Intrusion Detection and Prevention / Re: No Internet access when IPS is on

« on: October 15, 2019, 11:53:32 pm »

IDS will lose internet if you restart the suricata service. You have to reboot to fix.
But updating the rules with a download does not affect the connection.

I always wondered why it did this?

22

19.7 Legacy Series / Re: Firewall/Aliases -> Ports not working

« on: October 15, 2019, 11:49:35 pm »

Good point for a patch list. I think the latest update 19.7.5_5 fixed the alias issue.

23

19.7 Legacy Series / Re: GeoIP alias usage

« on: October 15, 2019, 11:32:47 pm »

I used the invert with one country (US) and it works like a charm with very little memory usage.
Very helpful when I want to prevent anyone outside the US to use IMAP on my email server.

24

19.7 Legacy Series / GeoIP alias usage

« on: October 14, 2019, 05:54:54 pm »

If I want to block all but 2-3 countries from accessing particular ports, is it better to select all the countries in the alias, or just select the 3 or 4 and use invert (Not) in the rule. I would assume less resources are used with invert.

What is recommended?

My reasoning is to block IMAP and webmail from all countries except mine (USA). While allowing SMTP.

25

19.7 Legacy Series / Re: Firewall/Aliases -> Ports not working

« on: October 14, 2019, 01:22:18 am »

Latest patch fixed this problem

26

19.7 Legacy Series / Re: Entering alias is not working

« on: October 14, 2019, 01:21:45 am »

Patched worked after a reset

27

19.7 Legacy Series / Re: Firewall/Aliases -> Ports not working

« on: October 13, 2019, 10:57:28 pm »

I found another bug in the GeoIP alias. You can't select any countries. As soon as you save, they all go away.
I had a country list set in my old OPNsense box, which I recently updated. When I restored the Aliases, None of the countries were there.

28

19.7 Legacy Series / Re: reinstall Suricata

« on: October 08, 2019, 05:10:32 pm »

Since Suricata, and who knows what else, is so messed up I decided to start fresh and manually reinstall all the info as soon as my new box comes in.

29

Intrusion Detection and Prevention / Re: [ERRCODE: SC_ERR_PCAP_DISPATCH(20)] - error code -2

« on: October 07, 2019, 11:54:14 pm »

Quite a few bugs fixed with Suricata 4.1.5. I would like to see it added to the next update.

30

Intrusion Detection and Prevention / Re: IDS OPNsense VM

« on: October 07, 2019, 11:50:52 pm »

Not all snort rulesets work in Suricata. You may have hit one.