Messages - guenti_r

#16
Hi franco,

it works! Many thanks! Please make the reload configurable in future.
#18
This issue shows up when the etpro-telemetry & os-intrusion-detection-content-et-open are installed and the etpro-sensor is switched to et_open because of connectivity issues.
So you have two different et-open sets.

See https://forum.opnsense.org/index.php?topic=45112.0
#19
Hi all,

On one of my OPNsense instances (24.10.1) this plug-in is not working anymore.
It downloads the wrong rules (et-open) because the heartbeat does not work.
Also the widget shows nothing.
This OPNsense has been running since 2021 without any changes; the sensor token is also the same since it was ordered in 2021.

/sensor_info.py shows

{"sensorId":"--REMOVED--","sensor_status":"DISABLED","last_heartbeat":"2025-01-09T10:12:05+00:00","last_rule_download":"2025-01-09T09:30:38+00:00","event_received":"2022-12-30T21:11:36+00:00","created":"2021-12-15T13:00:09+00:00","disable_date":"2023-01-04T21:11:36+00:00","status":"ok"}
The bad thing is, if the sensor is disabled for some time, it downloads a VERY outdated et_open rule package, which is very dangerous because the implemented policies do not work with these outdated rules. So Suricata randomly blocks a lot of the wrong traffic, which is catastrophic!
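Added example (not part of the original post and not OPNsense or plug-in code): a Python check over the `sensor_info.py` JSON quoted above that flags the state the post describes, a disabled sensor for which rule downloads are still being recorded. Field meanings are inferred from their names; `check_sensor`, the finding labels and the 30-day event threshold are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# The sensor_info.py output quoted in the post (sensorId is redacted there).
SAMPLE = (
    '{"sensorId":"--REMOVED--","sensor_status":"DISABLED",'
    '"last_heartbeat":"2025-01-09T10:12:05+00:00",'
    '"last_rule_download":"2025-01-09T09:30:38+00:00",'
    '"event_received":"2022-12-30T21:11:36+00:00",'
    '"created":"2021-12-15T13:00:09+00:00",'
    '"disable_date":"2023-01-04T21:11:36+00:00","status":"ok"}'
)


def _ts(value):
    """Parse an ISO-8601 timestamp; missing or empty fields become None."""
    return datetime.fromisoformat(value) if value else None


def check_sensor(raw, now, max_event_age=timedelta(days=30)):
    """Return a list of findings for one sensor_info.py JSON document.

    `now` must be timezone-aware. `max_event_age` is an assumed threshold.
    """
    info = json.loads(raw)
    findings = []
    if info.get("status") != "ok":
        findings.append("query-failed")
    # "DISABLED" is the value shown in the post; other values are not assumed.
    if info.get("sensor_status") == "DISABLED":
        findings.append("sensor-disabled")
    disabled = _ts(info.get("disable_date"))
    downloaded = _ts(info.get("last_rule_download"))
    # Rule downloads recorded after the disable date: per the post, the box
    # is then fetching the et_open set instead of the expected rules.
    if disabled and downloaded and downloaded > disabled:
        findings.append("rules-downloaded-after-disable")
    event = _ts(info.get("event_received"))
    if event is None or now - event > max_event_age:
        findings.append("no-recent-events")
    return findings


if __name__ == "__main__":
    for finding in check_sensor(SAMPLE, datetime.now(timezone.utc)):
        print("WARNING:", finding)
```

Run from cron or a monitoring agent against the live script output, any finding is a reason to review the installed ruleset before trusting drop policies.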
#21
24.7, 24.10 Legacy Series / Re: Kernel 24.7.8 Issues
November 14, 2024, 02:09:22 PM
Same here but no answer/fix.
#22
Sad to say, I have the same issue but no solution.
The Firewall live view (labels) is simply displayed wrong.
#24
It turned out that the auto-generated rules cause this issue.
Hopefully it will be fixed soon.
#25
Just another nonsense, similar rule.
#26
Screenshot here (just one example).
This is a NAT rule for incoming HTTPS traffic to an internal reverse proxy.
This rule is labelled as "Allow Proxy external HTTPS Access".

But instead it shows a completely wrong label.
#27
Quote from: chemlud on October 25, 2024, 12:28:56 PM
no such issue on 24.7.7 here. Changed rules recently?

No, only updating OPNsense. Also found it in CE 24.7.6.
To be sure, logging for these rules must be enabled.
And yes, some port forwarding is also required.
#28
Quote from: Seimus on October 25, 2024, 12:04:11 PM
I just checked this on my unit CE 24.7.7 and I don't see this behavior.

Thanks for the info.
I checked this on a few firewalls, the problem exists everywhere.
I think this issue belongs to the auto-generated rules.
#29
Does not help; even after rebooting, the issue persists.

Just for info, this issue also persists in the community edition OPNsense 24.7.7-amd64.
#30
Quote from: Seimus on October 25, 2024, 10:34:20 AM
By labels you mean the descriptions used by rules?
And what do you mean wrong? How they are wrong?

Yes, the description and whether it is blocked or not, completely wrong.
For example, I have a rule that should allow something (with description/label); the firewall live view shows a wrong (other) rule and blocked instead of allowed, and vice versa.

Hopefully this is only a display issue. This is an OPNsense HA cluster in a datacenter, so when I saw that, I had a heart attack first.

We have a lot of OPNsenses out there; that's the first time I saw this.