Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
opnsense IPS blocking Unbound?
« previous
next »
Print
Pages: [
1
]
Author
Topic: opnsense IPS blocking Unbound? (Read 742 times)
furfix
Jr. Member
Posts: 56
Karma: 1
Just another user
opnsense IPS blocking Unbound?
«
on:
August 24, 2023, 11:32:35 pm »
Hi all! Wondering if somebody can help me here
I have configured Suricata on WAN following this blog:
https://homenetworkguy.com/how-to/configure-intrusion-detection-opnsense/
long time ago...
but something weird is happening since yesterday, and I just don't now what.
I have in a proxmox debian VM running Adguard Home + unbound as DNS upstream on the same machine, and for some reason, Suricata is blocking the resolution of the domain
www.cloudflare.com
This is only happening with cloudflare.com (or at least the one I noticed yet)
The source is my WAN IP and the destination is a cloudflare subnet on port 53.
If I restart IPS service, it looks like it works fine for 30 min / 1 hs, but then Suricata starts again to block it.
Any idea? Is this VM compromised somehow? No ports exposed to internet, or anything. All local.
OPNsense (23.7.2-amd64) is running baremetal in a different box than Proxmox.
Update 1: Suricata is blocking Unbound, it's not blocking Adguard Home.
Update 2: If I remove the WAN IP from the "home network" field in opnsense >> intrusion detection looks like it's working, but I'm not sure if Suricata will capture anything without the WAN IP
Update 3: these are the rules I"m using:
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
opnsense IPS blocking Unbound?