Messages

Hi
There is no documentation on how to filter in the live view.
Is it just "192.168.1.2" for example?

I tried that and it shows nothing.

im interested in trying this out
I only have a 80/20 connection and am using a Celeron dual core mini pc with 4GB RAM.
Will this be too much for my hardware?

Yes I miss having this feature in the UI.
You can do this via exclusion config files but that means SSHing into the router and creating new file and loading it via suricata.

I got the 7th Gen Celeron.
Runs at 43 C :o
I will try fan first then compound change.

There is only 1 person (me) on this network and my WAN speed is 140/50 so dont really need a i5.

That's the preferred method. Really depends how much traffic is on the individual ports. In my case it's Port2 _> Modem_Lan for monitoring purposes and  Port1 -> rest of LAN. I could of course have put the modem onto a second network address range and achieved the same thing, but I went from using a switch to a bridge as it was quicker.

True.
Im currently running my LAN off my Netgear router acting as a WLAN AP and switch but of course its also software switch and not actual switch.

Wont it be easier to have only 2 ports and connect LAN port of opnsense to a switch?
Run everything off switch to get best performance?
Software bridge is not recommended most places.

true thanks

that means I stop using dnscrypt-proxy
:(

Hi all

Just wondering what method most people are using for ad blocking via Opnsense?
I am trying the DNCrypt-Proxy 2 regex filters but they dont seem to work very well on pop up ads.
Next method I have seen is unbound blacklist.

I found the issue.
I was missing:

Code Select Expand

do-not-query-localhost: no
in unbound custom config.
Now my LAN devices can resolve when forwarding to port 5353 in unbound.
thanks

Hi all
I have DNSCrypt proxy 2 set up and running on 127.0.0.1 port 5353.
On opnsense I can use drill to query DNS on that port and it works.
However when I got Unbound forwarder set to :

Code Select Expand

forward-zone:
    name: "."
    forward-addr: 127.0.0.1@5353

all my LAN devices cant query DNS anymore.
When I add 8.8.8.8 to the forwarder it works again.

Any suggestions?

Quick question, you state to disable DNS Query Forwarding but this breaks my clients resolving local hostnames.
I had to enable this to make that work.
Any way for Stubby and GetDNS to work with local hostnames?

Hi
I got DNS Crypt Proxy 2 running on port 5353.
How do I add this to my DNS Forwarder?
I have enabled the forwarder in Unbound via WebGUI but in General settings and DNS servers you cannot put port only IP.
Is only way to edit files via SSH?

thanks

Would that not mean that all routing and firewall and DHCP config would be controlled by the wireless router and not opnsense?