Topics

1

Intrusion Detection and Prevention / PPPoE with Suricata v5

« on: March 25, 2020, 11:25:33 pm »

Hi all,

Apologies for my lack in understanding of this matter, but will Hardened BSD 12.1 (coming soon for OPNsense) and Suricata v5 allow for Suricata to operate on a PPPoE WAN connection?

From the Suricata website...
https://suricata-ids.org/tag/netmap/

Packet Capture
Netmap support has been rewritten so the more advanced features of netmap, such as vale switches, can be used now.

Napatech usability has been improved.

In reference to this issue from a while back.
https://forum.opnsense.org/index.php?topic=3630.0

Thanks for any advice or updates on this

2

General Discussion / Migrate configuration from one OPNsense to another

« on: February 07, 2020, 02:40:50 am »

Hi all,

Sorry if this is answered elsewhere, and if it is I'd appreciate being pointed to it read up.

I have a running 20.1 instance that I would like to 'move' to another platform (Actually Hyper-v to Proxmox)

My preferred method is to rebuild a new default instance, setup interfaces, then copy the majority of the configuration through backup/restore (removing configuration like interfaces etc. which will no longer match).

If this is a good method... then is it possible to selectively restore multiple sections through the GUI in one go. Rather than one by one of about 30 odd sections.

Thanks for any advice or help with this
Cheers

3

Intrusion Detection and Prevention / Sort IPS rules by Enabled/Disabled

« on: July 19, 2019, 03:39:52 am »

Is it (or would it be) possible to sort IPS Rules by Enabled or Disabled in the GUI.

This would help for ordering rules so they can be easily enabled or disabled in batches from within the GUI.

First searching for your required rules within the 'rules' TAB, then sorting by Enabled or Disabled (Maybe using the far right Column?)

An example is rules within 'trojan-activity' Class Type returns over 20k results. Some enabled and some disabled.
Being able to then sort these using an 'Enabled Column' would then allow easier enabling of any disabled rules in this ruleset. In the same way that sid, Action, Source etc. can be sorted.

Thanks for any advice

4

Intrusion Detection and Prevention / [SOLVED] Bulk switch rules between Alert or Drop in GUI

« on: July 14, 2019, 10:16:19 am »

Is there a way to Bulk Switch Rules between Alert or Drop from within the GUI

I know there is the option under 'Downloads' edit Ruleset, set Filter to 'Drop', however this does not set 'ALL' rules in the selected ruleset to Drop. It only updates a preconfigured set of rules.

Is there a way in the GUI to select multiple rules from a given set of search results, and then select them all to switch from Alert to Drop, or vice versa. Currently this has to be done per rule through editing each rule.
If not can this please be considered as a request for a future update.

Also can you search or list in order rules that either are or are not enabled. This would make the enabling or disabling of rules easier.
When searching for Trojan specific rules for example and enabling/disabling per your requirements, you may receive a list of 28k plus that you cannot easily discern which are enabled or disabled without scrolling through the entire list.

Thanks for any help or advice with regards to this
 

5

19.7 Legacy Series / Feature Request - WiFi Signal Strength in OPNsense GUI

« on: March 05, 2019, 10:19:54 pm »

Hi,

Would it be at all possible to have the WiFi signal strength and Tx/Rx of connected devices to an Access Point show in the OPNsense GUI. Perhaps next to their DHCP Lease?

I understand the AP would need to be interrogated for this information, therefore a supported AP model/brand might be required.

Is this something that could be possible with a future OPNsense release?

Also - Is there a preferred place for feature requests?

6

19.1 Legacy Series / VM of OPNsense on Hyper-V Win Svr 2019 Std - Fails

« on: February 01, 2019, 12:16:07 am »

Hi,

Creating a new VM of OPNsense 19.1 ISO under Hyper-V Server 2019 fails on booting.
OPNsense 18.7 ISO mounted against the exact same VM boots and installs successfully

The failure if soon after the OPNsense boot menu displays

Attached is a screenshot from Hyper-V Console of the OPNsense VM

Running Hyper-V under Windows Server 2019 Standard
Generation 2 (No Secure Boot)
Config Version 9.0 of VM
2 vCPU
4 GB Ram
127 GB Dynamic Disk

Hopefully this is enough to help out

7

19.1 Legacy Series / Feature Request: IPS Widget and Reporting

« on: January 07, 2019, 01:33:22 am »

Hello,

It would be good to have a widget to apply to the dashboard showing recent IPS alert activity. Maybe top rules hit within the last day or week or month.

In addition, it would also be good to have some reporting capability for the IPS located under the Menu Bar 'Reporting'. Maybe views offering something like what Snorby offered some time ago.
Being able to select historic views of what rules have been hit over specified time periods.
Top drops in the last hour, day, week, month...
Top alerts in the last hour...
Which sources and destinations are most frequently creating alerts again within specified time periods
Recent unique alerts within a date range

Obviously it would be ideal to have these reports allow direct updating and changing of IPS rules, but initially better visibility of which rules are being hit frequently etc. would be good.

Loving the product, have worked and played with multiple firewalls through Enterprise, SMB, Home and LAB and find OPNsense solid and easy to use. Been running it for about 2 Years now and have been very happy.

Thanks for all of the great work
Dan