Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - tcmax

Pages: [1]

German - Deutsch / Re: Geräte hinter TP-Link Switch nicht Pingbar

« on: May 19, 2017, 08:42:10 pm »

Entsprechende Routen in der OPNSense für die Subnetze sind angelegt?

Und Rules eine testweise allow any any zwischen den VLANs erstellt?

German - Deutsch / Re: Geräte hinter TP-Link Switch nicht Pingbar

« on: May 19, 2017, 08:25:46 pm »

Nabend,

habe einen TP SG3216 an OpnSense...
Hast Du am OPNSense LAN Port die entsprechenden VLANs angelegt, bzw an LAN gebunden?
Dann taucht ein neues Interface opt mit dem VLAN auf...Guck mal unter Interfaces -> Assignments und Overview nach.

Am SwitchPort zur OPNsense ebenfalls passende VLANs angelegt?

17.1 Legacy Series / Re: Suricata:User defined Rule (GeopIP Blocking) not working

« on: April 29, 2017, 07:04:54 pm »

Yes, it´s set to drop.
The same rule worked the last months without any change and the log files said correctly: dropped.

It´s not just china, a dozend or more... and very comfortable to edit...

17.1 Legacy Series / Re: Suricata using only one core

« on: April 29, 2017, 11:06:56 am »

when i change this parameter, my throughpout drops from 7.6 mb/sec to 5.4 mb/sec :-(
HW: APU2C4

17.1 Legacy Series / Suricata:User defined Rule (GeopIP Blocking) not working

« on: April 29, 2017, 10:51:38 am »

Hello,

OPNSense 17.1.5 up went through without problems, but now in the the logs i find mit (previous working)
rule GeoIP blocking being allowed instead of dropped.
I checked the settings, but verything seems to be ok.
IPS disabled, user defindes rule with a bunch of countries and default action "dropped".
I restartet the servie serveral times, reboot the whole machine, disabled / enabled the rule - no effect.
In the logs i read e.g. Rule Geoip blocking Dest: 123.207.241.38 (china, of course) an action: allowed
Why?
Any idea?

P.S: When IPS enabled, it changes to "blocked" - so far so good, but in the previous opnsense version IPS disabled still
uses my user defined rule, without using e.g. ET rules. Now opnsense seems to use my rule only, when ips enabled.
Disadvantage: IPS enabled hits my performance - throughput drops from 11,5 mb/sec to max 7.6 ...

17.1 Legacy Series / Re: Suricata using only one core

« on: March 29, 2017, 05:09:30 pm »

Here ist a part from the boot logfile.
Maybe that´s the reason...?!

"Starting suricata.
29/3/2017 -- 16:57:19 - <Warning> - [ERRCODE: SC_WARN_FASTER_CAPTURE_AVAILABLE(275)] - faster capture option is available: NETMAP (--netmap=igb1). Use --pcap=igb1 to suppress this warning
29/3/2017 -- 16:57:19 - <Info> - Including configuration file installed_rules.yaml.
Starting CRON...done."

17.1 Legacy Series / Re: Suricata using only one core

« on: March 28, 2017, 06:54:21 pm »

Any chance to force suricata using more cores?

17.1 Legacy Series / Re: Suricata using only one core

« on: March 28, 2017, 05:17:56 pm »

Me too on a APU2C4 with latest 17.1.3

Pages: [1]