31
22.7 Legacy Series / Re: CrowdSec
« on: September 07, 2022, 08:02:41 pm »
Any updates on this? Live logging is still broken in 22.7 I'm sure it works great but something is still messed up.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Hi!
I do not know where to write, so I write here.
In my Firewall:Log Files:Live View, when blocking IP using CrowdSec, a line is displayed indicating only the date and time without any details, and only this is reflected in the details:
__timestamp__ 2022-08-10T12:25:00
action 0x0
anchorname match
dir
interface in
interface_name in
ipversion 240
label
reason 4
rid
rulenr crowdsec
subrulenr em1
At the same time, it is not clear whether the IP address is blocked or not (action 0x0).
@somebod3983 all you need to do to use the WireGuard kernel module is run the command below at the OPNsense cli. No need to uninstall go. May need to restart the service to reestablish any ongoing connections. All current peers and setting in the WireGuard settings gui will be used without any others action needed.Code: [Select]pkg install wireguard-kmod
Hello!
I suppose you are running the 1.0 version (crowdsec 1.3.4), with opnsense 22.7
> Enable Firewall Bouncer (IPS)
> When this is enabled I get no alerts for blocks in the firewall logs.
You mean you don't see anything in /ui/diagnostics/log/core/filter ?
or withCode: [Select]# cat /var/log/filter/latest.log | grep 'blocked by crowdsec'
Is the process "crowdsec-firewall-bouncer" running?
What's in /var/log/crowdsec/crowdsec-firewall-bouncer.log ? If you enable verbose debug in the settings tab, you should see the calls to pfctl there too.
Another thing to try (for ipv4):Code: [Select]# pfctl -t crowdsec_blacklists -T show
Dear zenarmor users,
We've shipped zenarmor 1.11.4-rc1 on the OPNsense 22.7 branch.
This release is meant for compatibility with the upcoming OPNsense 22.7 release.
Please feel free to report any issues you've encountered and we'll get them all sorted out before OPNsense 22.7.
It does coincide
https://www.imagebam.com/view/MEBZHA2
https://www.imagebam.com/view/MEBZHA5
Might be a side effect of https://github.com/opnsense/core/issues/5624
Need to check on Monday.
I need one info from everyone having this issue: under WAN settings, what is your IPv4 type?
Cheers,
Franco
My issue wasfixedalleviated doing the following:
- Navigate to Firewall > Settings > Advanced/li]
- Go to Miscellaneous > Firewall Optimization
- switch from "normal" to "conservative"
This caused any of my "FA" and "FCA" TCP packages to stop being blocked, which was causing intermittent issues in certain applications (like connecting via SSH across different local networks). Changing the algorithm helped me idle a lot longer, but it still disconnects.
This is driving me nuts!
Mellanox ConnectX-3 10gb SFP dual port here, 1 to WAN and 1 to my LAN. No tunables set up.
That’s interesting. I have Chelsio NICs, which are supposedly well supported, but I had to mess around with tunables and settings before I managed to get netmap to run in native mode and offer half decent performance. https://forum.opnsense.org/index.php?topic=25263.0
Good to hear those speeds are achievable. What NICs do you guys use? Did you have to fiddle with tunables in order to get the performance?
Fwiw I looked at Vyatta also but didn’t really see the point. Nftables in itself is straightforward enough so not so much gained vs a vanilla Debian - where you also get more flexibility. In both cases losing out vs OpnSense’s awesome gui.