151
German - Deutsch / Re: pfSense mit neuer OPNsense Hardware austauschen
« on: June 24, 2024, 05:55:40 pm »
Öhm, also bei mir kann man auch echter Hardware für jedes Interface eine beliebige MAC zuweisen.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
152
German - Deutsch / Re: Suricata IDS/ IPS erstellt keine Alerts
« on: June 21, 2024, 09:23:54 am »
IPS auf WAN (wenn man nicht gerade jede Menge Ports/Services nach aussen öffnet) -> Eine Menge Noise (ALARM!) ohne Mehrwert, da das meiste über die (fehlenden) WAN-Rules sowieso nie dein Netzwerk erreicht.
153
German - Deutsch / Re: OPNSense - Fritzbox - VOIP Telekom (Pistole auf der Brust)
« on: June 21, 2024, 09:17:09 am »Danke, für heute ist Schicht. Ich versuche es morgen weiter nach der Arbeit.
Die Hoffnung stirbt zuletzt, dann ich durch die Pistole meiner Frau XD
Sexualisierte Gewalt gegen Servicepersonal? Ich würde da mal mit der Polizei sprechen...
154
24.1 Legacy Series / Re: Unable update from 23.7.12 to 24.1.8 - SOLVED
« on: June 20, 2024, 03:31:08 pm »No worries. The placement on the bottom was a deliberate choice to make people aware of all the things that are going to be changed during the update process.
Cheers,
Franco
...bought, but the scroll bar could be slightly more obvious for beginners...
155
Virtual private networks / Re: Isolate Guest-Network Hosts
« on: June 18, 2024, 01:54:08 pm »I thought this would work: (BUT NO)
Protocol Source Destination Description
IPv4 V_GUESTS address V_GUESTS address Block access between clients
But turning on client isolation on my WiFi works
Besides wifi-isolation there is no way to block traffic between clients within the same subnet/interface. The traffic simply doesn't go through your sense, clients talks to each other directly.
156
24.1 Legacy Series / Re: Firewall Rule Question
« on: June 15, 2024, 04:06:26 pm »
routing is "next hop" (... -> WAN IP -> ISP Gateway ->... ), but FW rules should be "target IP"-based.
157
24.1 Legacy Series / Re: Disabled IPS rule comes back to life again and again
« on: June 15, 2024, 04:03:13 pm »
SSD was new when installing OPNsense in March, so apparently not failing SSD. Today the IPS rule came back to life... Sigh...
158
24.1 Legacy Series / Re: Firewall Rule Question
« on: June 13, 2024, 12:12:41 pm »
1. Not fully understood here, but maybe CGNAT on WAN?
159
24.1 Legacy Series / Re: Firewall Rule Question
« on: June 13, 2024, 11:32:48 am »
1. Don't allow to WAN/WANnet. Will break connectivity to web.
2. The default "allow any any" rule is only meant as a starter, even on LAN. Refine it to your taste with specific block/allow rules.
3. To avoid traffic from LAN to OPT1 (and vice versa) place a rule on top of the LAN rules list with "block source: LANnet target: OPT1net" (and vice versa). Rules are evaluated from top to bottom, first match will bite (if standard "quick" is set, otherwise the rule will be evaluated last, but that should be kept for special/advanced configurations).
2. The default "allow any any" rule is only meant as a starter, even on LAN. Refine it to your taste with specific block/allow rules.
3. To avoid traffic from LAN to OPT1 (and vice versa) place a rule on top of the LAN rules list with "block source: LANnet target: OPT1net" (and vice versa). Rules are evaluated from top to bottom, first match will bite (if standard "quick" is set, otherwise the rule will be evaluated last, but that should be kept for special/advanced configurations).
160
24.1 Legacy Series / Re: Disabled IPS rule comes back to life again and again
« on: June 01, 2024, 11:20:48 pm »
Maybe sign for dying SSD? Smart looked good recently, but after update to 24.1.8 the box did not come back. Remote re-install the hard way :-/
161
24.1 Legacy Series / Disabled IPS rule comes back to life again and again
« on: May 31, 2024, 12:39:07 pm »
Hy!
On latest community release here. Have IPS configured and running for years, but due to a change in Linux repos on some machines, a rule for TOR endpoints (co-located on repo IP?) is firing for some time now.
At first I disabled the rule individually, but after 1-4 days the disabled rule turned to enabled again. Several times, for weeks now.
Btw this happenz on TWO installs of OPNsense.
I tried "Policy" and chose the rule set tor.rules (from alerts) and "Action" as "Disabled". Applied. Works for some hours, then the alerts/blocks are back.
What is the way to disable this specific rule/rule set? It's spamming my alert email account.
On latest community release here. Have IPS configured and running for years, but due to a change in Linux repos on some machines, a rule for TOR endpoints (co-located on repo IP?) is firing for some time now.
At first I disabled the rule individually, but after 1-4 days the disabled rule turned to enabled again. Several times, for weeks now.
Btw this happenz on TWO installs of OPNsense.
I tried "Policy" and chose the rule set tor.rules (from alerts) and "Action" as "Disabled". Applied. Works for some hours, then the alerts/blocks are back.
What is the way to disable this specific rule/rule set? It's spamming my alert email account.
162
24.1 Legacy Series / Re: Backup restore from Pen Drive
« on: May 28, 2024, 06:22:18 pm »
You can install with config.xml import during the install process, see Documentation. Same hardware (interface names...) is helpful though... ;-)
If you have a running installation, why mess around with CLI? Go GUI and have the config on your machine with the browser. On CLI you would have to mount the stick on BSD, i guess.
If you have a running installation, why mess around with CLI? Go GUI and have the config on your machine with the browser. On CLI you would have to mount the stick on BSD, i guess.
163
General Discussion / Re: Seeking Guidance on Integrating OWASP Principles into OPNsense Firewall
« on: May 28, 2024, 03:10:03 pm »
The incidence highlights to me that security is not that much a list with checkboxes, but lots of hard work to keep your network closed down and up-to-date.
Avoid the toxic trinity: Windows-Outlook-ActiveDomain and you have a good chance to be safe if you are not a high-value target...
Avoid the toxic trinity: Windows-Outlook-ActiveDomain and you have a good chance to be safe if you are not a high-value target...
164
High availability / Re: 2 OPNsenses same WAN network Broadcast Flood
« on: May 28, 2024, 02:34:13 pm »
...you had me at "MDNS"....
165