Recent posts

#1
Well, an API for everything *is* on the roadmap, because everything will be converted to MVC some time in the future.
I understand it's difficult to give more than the next two or three areas to be worked on by the core devs.

tl;dr: all of this will come, but don't hold your breath for any specific area.
#2
While on the subject, can we please add interface assignments APIs to the roadmap? As of now I can create VLANs, but I can't assign them to interfaces via API.
#3
General Discussion / Re: NAXSI
Last post by someone - Today at 09:13:45 PM
The plan is to use nginx to decrypt and send packets to Suricata, where I'll put in some keyword rules to grab the commands in the payload, log all of it, and find out what IPs they are coming from. A lot of TLSv1.1 for me, so it shouldn't be too difficult.
#4
25.7, 25.10 Series / Re: DNSmasq and Unbound Peacef...
Last post by spetrillo - Today at 08:58:44 PM
Quote from: Stormscape on December 24, 2025, 10:40:57 AM
Quote from: DEC670airp414user on December 22, 2025, 06:20:19 PM
Screenshot 3. I would turn off DNS within dnsmasq: change the listen port to 0. You also do not need DNSSEC enabled if using Quad9.

I use Unbound and it works 100% reliably.

I set up DNS over TLS for Quad9 or similar products, though.
Important caveat: You will NOT get name resolution for local DHCP clients if the dnsmasq DNS server is turned off, as Unbound will not read the dnsmasq DHCP client list automatically.

I am using dnsmasq for local resolution and Unbound is for resolving on the Internet.
#5
General Discussion / Re: ECS and DNSSEC Setup
Last post by spetrillo - Today at 08:57:33 PM
I do get a boost from CDNs, but I am not sure the juice is worth the squeeze. With that said, I am now set up for DoT only, and DNSSEC is turned off on both dnsmasq and Unbound.
#6
General Discussion / Re: NAXSI
Last post by Patrick M. Hausen - Today at 08:08:16 PM
Quote from: someone on Today at 07:12:05 PM
It can be put on OPNsense

No, it cannot. OPNsense is based on FreeBSD, not Linux.

Quote from: someone on Today at 07:12:05 PM
Connected to three social media servers and browser servers, about 50 attacks per hour via browser

What exactly is this supposed to mean? When I go to e.g. bsky.app I do not see any "attacks via browser".
Show these attacks or I still call bullshit.

If you mean your browser is opening dozens of connections when you view a website? Yes, of course. That's how the web works nowadays. It's loading static assets from some CDN, fonts from Google, and finally all those wonderful ads combined with "metrics", i.e. tracking mechanisms.

None of this is an attack.
#7
General Discussion / Re: NAXSI
Last post by someone - Today at 07:12:05 PM
Google quote:
Yes, AppArmor logs denied operations, showing what was blocked (like file opens, writes, or network access), which process (PID, command name), the specific profile, and the resource (file path) it tried to access, visible in kernel logs (dmesg, syslog, journalctl), especially when using aa-logprof for analysis. These logs help you understand and update AppArmor rules to allow legitimate actions while blocking malicious ones.

It can be put on OPNsense.

Connected to three social media servers and browser servers, about 50 attacks per hour via browser; default OPNsense stops the others.
Blocked commands on the operating system that got past OPNsense: chrome, chrun, crun, balena-etcher, tuxedo, busybox, cam, ping, buildah, brave, ch-checkns, etc., and many fragments.
How? Example:
Your browser inserts and deletes files at will, without permission.
There is a major media app that will take all your files on the copyright premise, without permission.
Again, how is it they have a connection established, some without coming through the front door? This is one new way of hacking.
Used by big business, data brokers, bad guys.
It can be a video, a PDF, something in the web page that makes the connection.
Mine are coming through major servers; sometimes it switches to names that should not be there, and I can see them.
I mentioned before I got on a popular shopping site and was connected to 32 servers around the world. I think that's changed; I told them.
I mentioned the web has changed and we can't use old block lists, because they are being used by the new server systems; they needed more IPs.
Some of these server systems are interlinked, for example the money system, photo storage, advertising, third-party systems that don't always show up.
These servers are not monitored: for their security, yes, not ours. It's a pass-through system; they can't, too much traffic.
There is more on this type of intrusion on the security sites.
As far as I know, that's my guess.
I am adding programs to OPNsense to stop these from getting past OPNsense; OPNsense does have the tools.
If anyone knows more, please let me know.

And thanks, I wouldn't be online if it were not for OPNsense.
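The Google snippet quoted in the post above describes what an AppArmor denial record contains (operation, profile, PID and command name, resource, masks). As an added example that is not part of the original post or of OPNsense, here is a small parser that pulls those fields out of constructed kernel-log lines and groups the denials the way you would before deciding on a profile rule. The log lines are made up for the example, and it only applies on a Linux host: as the reply above notes, AppArmor does not exist on OPNsense, which is FreeBSD based.

```python
import re
from collections import Counter

# Constructed sample lines in the format AppArmor writes to the kernel log
# (dmesg/syslog/journalctl). These are invented entries for the example,
# not logs taken from anyone's system.
SAMPLE_LOG = """\
[ 1023.118] audit: type=1400 audit(1700000000.101:201): apparmor="DENIED" operation="open" profile="/usr/bin/example-browser" name="/home/user/.ssh/id_rsa" pid=4321 comm="example-browser" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[ 1023.120] audit: type=1400 audit(1700000000.102:202): apparmor="ALLOWED" operation="open" profile="/usr/bin/example-browser" name="/usr/share/fonts/x.ttf" pid=4321 comm="example-browser" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1023.125] audit: type=1400 audit(1700000000.103:203): apparmor="DENIED" operation="connect" profile="/usr/bin/example-browser" pid=4321 comm="example-browser" family="inet" sock_type="stream" protocol=6 requested_mask="send" denied_mask="send"
[ 1023.130] audit: type=1400 audit(1700000000.104:204): apparmor="DENIED" operation="open" profile="/usr/sbin/example-daemon" name="/etc/shadow" pid=777 comm="example-daemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 1023.131] kernel: unrelated message that should be ignored
"""

# key="quoted value" or key=bareword; group 3 is the quoted form, group 4 the bare one
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_line(line):
    """Return a dict of key/value fields from one AppArmor audit line,
    or None if the line is not an AppArmor event at all."""
    if 'apparmor="' not in line:
        return None
    fields = {}
    for m in KV_RE.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def denied_events(log_text):
    """Yield only the DENIED events, reduced to the fields a rule author
    needs: what was attempted, by which process/profile, on what resource."""
    for line in log_text.splitlines():
        fields = parse_line(line)
        if not fields or fields.get("apparmor") != "DENIED":
            continue
        # file operations carry name=; network operations carry family=/sock_type=
        resource = fields.get("name") or "{}/{}".format(
            fields.get("family"), fields.get("sock_type"))
        yield {
            "operation": fields.get("operation"),
            "profile": fields.get("profile"),
            "comm": fields.get("comm"),
            "pid": int(fields["pid"]) if "pid" in fields else None,
            "resource": resource,
            "denied_mask": fields.get("denied_mask"),
        }


def summarize(log_text):
    """Count denials per (profile, operation, resource); this is the grouping
    you review before adding an allow rule or deciding the denial was correct."""
    return Counter((e["profile"], e["operation"], e["resource"])
                   for e in denied_events(log_text))


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, *key)
```

The ALLOWED line is skipped on purpose: complain-mode profiles log allowed operations too, and mixing them into a denial summary hides the events that actually matter. The last sample line shows that unrelated kernel messages on the same log are ignored rather than misparsed.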
#8
Let me guess: the thing has, among other things, an LED for "Internet OK" or "Internet broken"? Then what you are observing is how those guys implemented that.
#9
You have never provided any evidence of these alleged "hacks".
#10
There is nothing to harden. A default-setup OPNsense cannot be penetrated from outside. Stop spreading complete nonsense, for crying out loud.

Merry Christmas.