Topic: Fast and easy way to protect your home and/or small office network with OPNsense (Read 44908 times)
FirstSoul
Reply #45 on: September 27, 2018, 01:20:44 pm
Test it here:
http://www.eicar.org/85-0-Download.html
HTTP blocks it, HTTPS does not... interesting.
mimugmail
Reply #46 on: September 27, 2018, 01:53:02 pm
It's encrypted ... that's all.
You have to do SSL inspection via proxy to do this.
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/
jds
Reply #47 on: October 11, 2018, 05:58:33 am
Marcel_75: I have the same issue. There were some errors in the log about one of the lists, which I disabled. But it still fails the EICAR test.
Followed everything exactly, tried multiple times. No other complaints that I can find in the logs.
Here is the log entry:
suricata: [100090] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSL Fingerprint Blacklist: Malicious SSL certificate detected (Quakbot C&C)"; tls_fingerprint:"ff:ff:89:55:e7:62:ca:a2:7b:97:a2:2e:2c:6f:e6:d0:53:a8:f1:9a"; sid:902332065; rev:1;)" from file /usr/local/etc/suricata/opnsense.rules/abuse.ch.sslblacklist.rules at line 2822
UPDATE: after a few hours, Suricata stopped running, and threw no errors in its logs. I noticed that the OPNsense how-to is different (older) than this post. Importantly, it just suggests adding the WAN interface, and not LAN. So, I removed LAN, but could still download the EICAR test files. Does it matter that I am using an OpenVPN client on the firewall?
Second update: I think that it is working now. But this required setting my WAN, LAN and OpenVPN interfaces for IPS, setting promiscuous mode, and setting pattern to Aho-Corasick (despite having a quad core Intel CPU), and then rebooting. This gave a new message in the log file that I had not seen before:
suricata: [100098] <Notice> -- all 6 packet processing threads, 4 management threads initialized, engine started.
Which looked encouraging. The test at EICAR then appears to work. Yeah!
Last Edit: October 11, 2018, 06:34:01 pm by jds
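A triage script for the kind of Suricata log output quoted in the post above, added here as an example and not code from the thread or from the OPNsense project: it lists which rule files produced SC_ERR_INVALID_SIGNATURE entries and checks for the "engine started" notice. The second sample line (PLACEHOLDER.rules, sid 1) is constructed, and the function name `triage` is an assumption of this example.

```python
import re
from collections import Counter

# The two suricata lines quoted in the post above, plus one constructed error
# line (placeholder file name and sid) so the per-file grouping has two files.
SAMPLE_LOG = r'''suricata: [100090] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSL Fingerprint Blacklist: Malicious SSL certificate detected (Quakbot C&C)"; tls_fingerprint:"ff:ff:89:55:e7:62:ca:a2:7b:97:a2:2e:2c:6f:e6:d0:53:a8:f1:9a"; sid:902332065; rev:1;)" from file /usr/local/etc/suricata/opnsense.rules/abuse.ch.sslblacklist.rules at line 2822
suricata: [100090] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert http any any -> any any (msg:"constructed example"; bogus_keyword; sid:1; rev:1;)" from file /usr/local/etc/suricata/opnsense.rules/PLACEHOLDER.rules at line 7
suricata: [100098] <Notice> -- all 6 packet processing threads, 4 management threads initialized, engine started.
'''

ERR_RE = re.compile(
    r'<Error> -- \[ERRCODE: (?P<code>\w+)\(\d+\)\] - error parsing signature '
    r'"(?P<rule>.*)" from file (?P<file>\S+) at line (?P<line>\d+)')
SID_RE = re.compile(r'\bsid:\s*(\d+)\s*;')
START_RE = re.compile(r'<Notice> -- all (\d+) packet processing threads, '
                      r'(\d+) management threads initialized, engine started')


def triage(log_text):
    """Summarise rule-load errors and whether the engine start notice appears."""
    # Suricata skips a rule it cannot parse unless run with --init-errors-fatal.
    skipped, started = [], None
    for entry in log_text.splitlines():
        m = ERR_RE.search(entry)
        if m:
            rule = m.group('rule')  # greedy match keeps the rule's inner quotes
            sid = SID_RE.search(rule)
            skipped.append({
                'file': m.group('file').rsplit('/', 1)[-1],
                'line': int(m.group('line')),
                'action': rule.split(None, 1)[0],  # alert / drop / ...
                'sid': int(sid.group(1)) if sid else None,
            })
            continue
        m = START_RE.search(entry)
        if m:
            started = (int(m.group(1)), int(m.group(2)))
    per_file = Counter(r['file'] for r in skipped)
    return {'skipped': skipped, 'per_file': per_file,
            'engine_started': started is not None, 'threads': started}


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    for name, count in report['per_file'].most_common():
        print(f'{count} rule(s) not loaded from {name}')
    for r in report['skipped']:
        print(f"  sid {r['sid']} ({r['action']}) at line {r['line']} of {r['file']}")
    print('engine started:', report['engine_started'], report['threads'])
```

A start notice alongside skipped rules means the engine is running without those signatures, so the per-file count shows which ruleset to fix or disable.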
xames
Reply #48 on: January 18, 2019, 09:23:36 pm
How to use IPS with multi-WAN settings and internal DNS?
Thanks.
marcri
Reply #49 on: June 05, 2019, 08:14:09 pm
Hi,
Is it possible to change the action of multiple rules? I want to change ~1000 actions from alert to drop.