Messages - mmetc

#46
Yes, that was it.

A "pfctl -k" after each addition should do the job.

Thanks!
#47
Hello!

I am working on the CrowdSec plugin (not published yet).
The IPS component (firewall-bouncer) takes a list of IPs and fills a table with pfctl.
The list is very dynamic, and usually contains a few thousand addresses, but the
rules are simple and do not change.

All is well on vanilla FreeBSD, where packets are blocked, but not in OPNsense.

What I do

- create an anchor
    freebsd: /etc/pf.conf
    opnsense: $fw->registerAnchor('crowdsec', 'fw');

- add two tables and two rules within the anchor (this is done by the IPS at startup)
   table <crowdsec-blacklists> persist
   table <crowdsec6-blacklists> persist
   block drop in quick from <crowdsec-blacklists> to any
   block drop in quick from <crowdsec6-blacklists> to any

- run the program that adds the IPs with
      /sbin/pfctl -a crowdsec -t crowdsec-blacklists -T add 137.74.x.y

In both cases, the IP is correctly added to the table but in OPNsense, the packets keep passing.

I saw other plugins that manage rules and ban lists with an anchor, but usually for passing packets or port forwarding,
so I thought the above should work in my case too.

Am I missing something in the configuration? Anything else?

Thanks
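Added example (not the CrowdSec bouncer's own code): the three steps from the post above wired into one script, plus the "pfctl -k" step from post #46, so that an address already holding an established state is dropped as soon as it lands in the table. The anchor name, table names and rules are the ones from the post; the script layout, the command-line interface and the temporary file used to load the anchor are assumptions.

```shell
#!/bin/sh
# Manage the crowdsec anchor described in the post: load its tables and rules,
# ban/unban an address, and show what pf actually holds. Assumes the anchor is
# already referenced from /etc/pf.conf (vanilla FreeBSD) or registered by the
# plugin (OPNsense).
set -eu

ANCHOR=crowdsec
TABLE4=crowdsec-blacklists
TABLE6=crowdsec6-blacklists

# Rules loaded into the anchor, same content as the post. "persist" keeps the
# tables around even while they are empty.
anchor_rules() {
    cat <<EOF
table <$TABLE4> persist
table <$TABLE6> persist
block drop in quick from <$TABLE4> to any
block drop in quick from <$TABLE6> to any
EOF
}

# Choose the IPv4 or IPv6 table; anything containing ':' is treated as IPv6.
table_for_ip() {
    case "$1" in
        *:*) printf '%s\n' "$TABLE6" ;;
        *)   printf '%s\n' "$TABLE4" ;;
    esac
}

# Write the rules to a temporary file and load them into the anchor only
# (the main ruleset is left untouched).
load_anchor() {
    tmp=$(mktemp)
    anchor_rules > "$tmp"
    pfctl -a "$ANCHOR" -f "$tmp"
    rm -f "$tmp"
}

# Add the address to its table, then kill the states originating from it.
# Without the kill, a flow that already has a state entry keeps matching that
# state and never reaches the new block rule.
ban_ip() {
    ip=$1
    tbl=$(table_for_ip "$ip")
    pfctl -a "$ANCHOR" -t "$tbl" -T add "$ip"
    pfctl -k "$ip"
}

unban_ip() {
    ip=$1
    tbl=$(table_for_ip "$ip")
    pfctl -a "$ANCHOR" -t "$tbl" -T delete "$ip"
}

# Verify: rules present in the anchor and the current table contents.
show_status() {
    pfctl -a "$ANCHOR" -sr
    pfctl -a "$ANCHOR" -t "$TABLE4" -T show
    pfctl -a "$ANCHOR" -t "$TABLE6" -T show
}

# Usage: crowdsec-anchor.sh load | ban <ip> | unban <ip> | status
case "${1:-}" in
    load)   load_anchor ;;
    ban)    ban_ip "$2" ;;
    unban)  unban_ip "$2" ;;
    status) show_status ;;
esac
```

"status" is the check to run when packets still pass: if "pfctl -a crowdsec -sr" prints nothing, the rules never made it into the anchor and only the table was populated; if the rules are there and the address is in the table, look at existing states with "pfctl -ss" for that address.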
#48
General Discussion / Re: CrowdSec
January 30, 2022, 12:58:22 AM
Quote from: cookiemonster on January 30, 2022, 12:42:15 AM
Upgraded the firewall today from 21.7.8 to 22.1
The crowdsec plugin appeared as misconfigured, after a "resolve conflicts" action it is now in an orphaned state. The reason given is "unknown-repository".
Is there a way to re-add the repository to solve, or is it a re-installation, but I imagine the id on the crowdsec console will need to change.

The plugin is orphaned because it has been installed by hand and I suppose misconfigured because it was built under 21.7.
All three packages (crowdsec, firewall bouncer and plugin) can be safely uninstalled/reinstalled.
The configuration files are not overwritten and the machine id stays the same. Just make sure not to remove anything by hand, under /usr/local/etc/crowdsec and /var/db/crowdsec.
You need to install from the appropriate archive from the Releases page; I put up a version for 22.1 / FreeBSD 13.

Thanks for testing!
#49
General Discussion / Re: CrowdSec
January 25, 2022, 09:00:25 PM
> I'm willing to do some testing for you. I've installed it and will be feeding back on github. It was surprisingly easy to install.
> Just the execute error at the end but that might be benign.

It probably is, you can grep for crowdsec under /var/log/configd/ to find the reason.
From what I see, the error should come from "configctl crowdsec reconfigure" which can be executed again with no harm.

It can be something as trivial as "asked service to stop when it was not running"... I'll watch again, thanks.

#50
General Discussion / Re: CrowdSec
January 24, 2022, 11:05:05 PM
Quick update.

We (CrowdSec) have uploaded a prerelease of the OPNsense plugin here: https://github.com/crowdsecurity/opnsense-plugin-crowdsec

I have not submitted it yet for inclusion in OPNsense because I prefer to have some feedback first, but mostly because the plugin depends on versions of the FreeBSD packages that are still not available in the upstream repository (I have submitted them, just not accepted/built yet). If you don't feel comfortable installing binaries, you can build your own from:

Agent and firewall => https://github.com/crowdsecurity/packaging-freebsd/tree/v1.2.3_1-v0.0.22_1/security

OS plugin => https://github.com/crowdsecurity/opnsense-plugin-crowdsec/tree/v0.0.3

The feature set is pretty complete for the agent and firewall, and the UI of the plugin is minimal but it's a start.
Feel free to ask in the GitHub issues, we need to have a sense of your priorities.

The agent and firewall can work without OPNsense, in that case you just have to enable/start them as directed in the post-install message. The only other configuration required is the creation of an anchor in /etc/pf.conf.

Any suggestion is welcome.