Messages

Got an email notification that a Syn flood has been detected.

Only thing is I cant find any settings in zenarmor that relate to syn flood or how to even turn it on or off and no understanding what to actually do about it or check if the alert is reasonable. How can I check anything at all or set anything at all that relates to a syn flood?

Kind regards
P

Thanks that post helped.

On upgrading I had some errors in the firewall log and traffic issues.

I eventually got it working but was unsure what change I made to resolve it, as I made several changes to bring traffic back online. The errors I saw were:

2024-01-31T15:14:44-05:00   Error   firewall   There were error(s) loading the rules: pfctl: DIOCADDRULENV: Argument list too long   
2024-01-31T15:14:44-05:00   Error   firewall   /usr/local/etc/rc.filter_configure: The command '/sbin/pfctl -f /tmp/rules.debug.old' returned exit code '1', the output was 'pfctl: DIOCADDRULENV: Argument list too long'   
2024-01-31T15:14:44-05:00   Error   firewall   /usr/local/etc/rc.filter_configure: The command '/sbin/pfctl -Of /tmp/rules.limits' returned exit code '1', the output was 'pfctl: DIOCSETTIMEOUT pfctl: DIOCSETTIMEOUT pfctl: DIOCSETTIMEOUT pfctl: DIOCSETTIMEOUT pfctl: DIOCSETTIMEOUT'   
2024-01-31T15:13:34-05:00   Error   firewall   There were error(s) loading the rules: pfctl: DIOCADDRULENV: Argument list too long   
2024-01-31T15:13:34-05:00   Error   firewall   /usr/local/etc/rc.filter_configure: The command '/sbin/pfctl -f /tmp/rules.debug.old' returned exit code '1', the output was 'pfctl: DIOCADDRULENV: Argument list too long'   
2024-01-31T15:13:34-05:00   Error   firewall   /usr/local/etc/rc.filter_configure: The command '/sbin/pfctl -Of /tmp/rules.limits' returned exit code '1', the output was 'pfctl: DIOCSETTIMEOUT pfctl: DIOCSETTIMEOUT pfctl: DIOCSETTIMEOUT pfctl: DIOCSETTIMEOUT pfctl: DIOCSETTIMEOUT'   
2024-01-31T15:12:55-05:00   Error   firewall   There were error(s) loading the rules: pfctl: DIOCADDRULENV: Argument list too long


Things I did were delete old disabled gateways not in use, cleared several FW rules, cleared several aliases and other changes like this.

On 24.1, if you click Firmware - Status - Resolve Plugin Conflicts - view and edit local conflicts you get that os-sensei-db (missing).

How can we resolve this?

Kind regards
P

Hi,

The current release does not support the kernel module. However, there is good news - the upcoming release, version 1.16, will include support for the WireGuard kernel module. This new release is planned to be shipped at the beginning of December.

That is great news, thank you!

Hi There,

I would like to use zenarmor with a wireguard interface but I believe this can only be done with the GO implementation. However GO has not been updated since 1.3 and kernel wireguard is now on 2.5. Is the only method to get this working to use this old version of the package that is no longer maintained?

Kind regards
P

In the video referenced that started this post I clearly do not agree with the changes they made and I discuss the challenges of open source in general with a focus on the FreeBSD and if we don't have strong contributors then the downstream ecosystems will suffer from that. 

We all benefit from good discussion on these topics and sharing knowledge so If there are things I am wrong about, let me know.

Thank Lawrence for your input. The OP was not intended to be mean spirited towards you and I agree discussion is good. People will always be passionate so just stay safe and dont take it too personally is all I can say. I was disappointed in what you said which is why I sought clarification here but Im not attacking your character or suggesting that you act in bad faith in any way or anything like that. I like your videos and I encourage people not to get too worked up and stay civil. Your input is appreciated even if it is a perspective not what we expected. In some ways thats even more valuable as we can learn from it :)

Laters
-P

Interesting. Thanks. A lot of us are totally reliant on news like this since we dont follow all the drama as closely.

Thank you for clarifying. Unclear why he says this. Disappointing as he has a big YT channel.

At 10 minutes in this video the host insinuates that opnsense does not seem to provide commits (or at least very few) to freebsd? Is this true?

Background of this video is yesterday pfsense have changed their license for home users who were previously offered a more pro version for free and this is being revoked.

https://www.youtube.com/live/rXI6-E1nc5M?si=mSkMmn09d4WyQ6go

Interesting. I will look into it. Thanks.

Hi there,

Since upgrading I have started to get items in my logs I have never seen before as per below:

<see image>

This block rule does prevent devices from accessing a list of IP's in an alias that I have, and 255.255.255.255 is blocked on that port in a firewall rule, so the entry seems valid.

What confuses me is the 0.0.0.0 device is what exactly? And why is it trying to access port 68 UDP (DNS?) to 255.255.255.255?

The other devices are all Unifi AP wifi equipment. (192.168.2.161-164).
Also why do they access 255.255.255.255 on port 10001?

Thank you if anyone has any insight to this.

Pete

I dont know what other screenshots are relevant. I can post any required. I did test from a client machine with do not fragment and fixed ping size, 1472 doesnt work but 1464 size does so the mtu is only 1492. I dont know what other info to give. If I did I would give it to you. I have tried what other people have tried but never can progress the issue so I am stuck. From what I can tell I do the same thing as others but it does not work for me. I use a protectli box so I would imagine its a common setup.

So what's your PPPoE parent device? Do you have any assigned? Do you have MTU set anywhere but the WAN interface itself?

If you want PPPoE to have 1500 the WAN interface must set 1508 and it will set all accordingly up and down the chain of devices. I'm not sure it's more complicated than that now and I fail to explain it any more simple.


Cheers,
Franco

I posted the screenshots and subsequently deleted the parent dummy device as per the advice of the other poster. Nothing has helped at all. I have done exactly as you said.

Interfaces - point to point - devices edit the PPPoE tunnel under advanced no Mtu set?

Correct. Nothing set here.