Topic: How to set IP for rules working (Read 191 times)
someone
Full Member
Posts: 115
Karma: 2
How to set IP for rules working
«
on:
November 21, 2024, 07:50:23 pm »
If in static mode, place your static IP under interfaces
If in DHCP, several things
Place your IP in Intrusion Detection > Administration > Settings > Home Networks box
Keep your settings under interfaces as DHCP
Put your non static IP or range in the box
Behind a router can be a specific IP or range
If not behind a router can put your IP in the box
If you have a DHCP range, can put the range in the box
testing this and the rules are working without modifications
thanks
will test some more
what is that box for if anyone knows
To me it doesn't match its description
Logged
Patrick M. Hausen
Hero Member
Posts: 6848
Karma: 575
Re: How to set IP for rules working
«
Reply #1 on:
November 21, 2024, 09:12:15 pm »
Sorry, mate ...
What the heck is this supposed to mean?
Most of your posts are an unstructured wall of text containing a lot of incoherent ramblings.
Nobody will be able to deduct from the text you wrote above what your actual question/problem might be.
Please invest some time to structure your posts on this forum so they are comprehensible for people who might have the knowledge to help you.
1. What am I trying to achieve? (motivation)
2. What did I do to achieve this? (*full* details about *all* configuration settings relevant to the issue)
3. What did I expect to happen with these settings?
4. What happens instead? (error messages, unexpected behaviour, log file excerpts, packet traces, etc.)
If you don't change the general way of your posts I seriously doubt anyone will try to help you in the future. We are all just OPNsense users helping each other in our spare time.
If you don't think it is worth your time to structure your posts in any way, I don't think it is worth my time to try and make sense of this gibberish. This particular post of yours is a prime example. It does not make any sense.
Patrick
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
someone
Full Member
Posts: 115
Karma: 2
Re: How to set IP for rules working
«
Reply #2 on:
November 22, 2024, 03:18:28 am »
Sorry, I will work on it
Have to understand I have spent the last year trying to be able to stay online for more than five minutes,
so it's very hurried
And I may have a different approach at a problem or explanation
People have said that
Logged
someone
Full Member
Posts: 115
Karma: 2
Re: How to set IP for rules working
«
Reply #3 on:
November 22, 2024, 03:42:25 am »
ok
Static IPs can be set up, and their rules work
Not DHCP, which doesn't use a single IP, it changes
For a person on DHCP, as you know has no static address
We set up in DHCP mode, nowhere is there an IP setup for DHCP that I have found
Well, in that case, $HOME_NET in the suricata rules will not work
Because $HOME_NET is not defined anywhere
There isn't any programming to link whatever is assigned by DHCP to the suricata rules that I have found
Therefore most of the rules do not work, OPNsense changed their rule sets
They changed $HOME_NET to any, which is a workaround kind of
Some rules already say that, any means any IP, so the rules apply to all incoming traffic
So anyone who is on true DHCP can have working rules, like I was
But trying to figure out a way to change ET rule sets
They have to come prepackaged, from a third party, to different suricata setups
So I think OPNsense was working on a workaround and maybe still are
I found a box I don't understand and the documentation and description do not help
But
Staying in DHCP mode, have to pick one under interfaces
And you put your IP or range in this box
The rules work, in DHCP mode, and I don't know if I am misusing this box
Meaning is it actually for another purpose
So anyone in DHCP mode can put their ISP IP or range or multi range or router range in this box
And the rules work, I am still testing it
I am hoping someone knows what this box is actually for
Intrusion detection > administration > settings then the Home Networks box
Unless there is something I am missing, I have been looking and testing on this for six months or more
on OPNsense
If this box works this way, it's what we are looking for, it defines $HOME_NET
It actually links what we put in that box to the suricata rules either as an IP or range or multi range
thanks, still testing it
«
Last Edit: November 22, 2024, 04:27:42 am by someone
»
Logged
someone
Full Member
Posts: 115
Karma: 2
Re: How to set IP for rules working
«
Reply #4 on:
November 22, 2024, 04:20:48 am »
If anyone is wondering
the suricata yaml has to define $HOME_NET, which your static IP box will link it
In order to get the rules to work
drop IP $EXTERNAL_NET any -> $HOME_NET any ... any here is port number
drop IP any any -> any any ... first any is any IP, second is port number
Doesn't really have to define $EXTERNAL_NET which already is treated as any meaning any IP by default
Unless defined otherwise for say networking
We can't change the suricata yaml
It gets overwritten on reboot, now that's a security measure and I like it
Logged
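Added example, not part of any post in this thread: a small evaluator for the address part of a Suricata rule header, showing why a rule with a `$HOME_NET` destination does not match traffic to a public WAN address until that address or range is part of `$HOME_NET`, while an `any -> any` rule matches regardless. The variable values are assumptions modelled on Suricata's stock suricata.yaml, all IPs and rules are constructed (documentation ranges), and protocol and ports are ignored.

```python
import ipaddress

# Assumed variable values, modelled on Suricata's stock suricata.yaml.
STOCK_VARS = {
    "HOME_NET": "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]",
    "EXTERNAL_NET": "!$HOME_NET",
}

def split_top_level(body):
    """Split a bracketed list on commas that are not inside nested brackets."""
    parts, depth, current = [], 0, ""
    for ch in body:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append(current.strip())
            current = ""
        else:
            current += ch
    if current.strip():
        parts.append(current.strip())
    return parts

def addr_matches(spec, ip, variables, _seen=()):
    """True if ip falls inside a Suricata-style address spec (any, $VAR, !x, [a,b,!c], CIDR)."""
    spec = spec.strip()
    if spec.startswith("!"):
        return not addr_matches(spec[1:], ip, variables, _seen)
    if spec == "any":
        return True
    if spec.startswith("$"):
        name = spec[1:]
        if name in _seen:
            raise ValueError(f"variable loop at ${name}")
        if name not in variables:
            raise KeyError(f"${name} is not defined")
        return addr_matches(variables[name], ip, variables, _seen + (name,))
    if spec.startswith("[") and spec.endswith("]"):
        items = split_top_level(spec[1:-1])
        positives = [i for i in items if not i.startswith("!")]
        negatives = [i[1:] for i in items if i.startswith("!")]
        # A list holding only negations means "everything except those".
        included = True
        if positives:
            included = any(addr_matches(p, ip, variables, _seen) for p in positives)
        excluded = any(addr_matches(n, ip, variables, _seen) for n in negatives)
        return included and not excluded
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def header_matches(rule, src_ip, dst_ip, variables):
    """Check only the addresses of a rule header; protocol and ports are ignored."""
    header = rule.split("(", 1)[0].split()
    if len(header) != 7:
        raise ValueError("expected: action proto src sport direction dst dport")
    _action, _proto, src, _sport, direction, dst, _dport = header
    forward = addr_matches(src, src_ip, variables) and addr_matches(dst, dst_ip, variables)
    if direction == "->":
        return forward
    if direction == "<>":
        reverse = addr_matches(src, dst_ip, variables) and addr_matches(dst, src_ip, variables)
        return forward or reverse
    raise ValueError(f"unsupported direction {direction!r}")

# Constructed sample values from documentation ranges (RFC 5737).
WAN_IP = "203.0.113.7"         # public address handed out by the ISP via DHCP
REMOTE_IP = "198.51.100.20"    # some host on the Internet
LAN_IP = "192.168.1.10"        # host behind a router, inside the private ranges

# Constructed rules with the two header shapes quoted in the thread.
RULE_VARS = 'drop ip $EXTERNAL_NET any -> $HOME_NET any (msg:"constructed"; sid:1000001;)'
RULE_ANY = 'drop ip any any -> any any (msg:"constructed"; sid:1000002;)'

def evaluate():
    """Run both rule shapes against the stock variables and a HOME_NET that includes the WAN range."""
    wan_added = dict(
        STOCK_VARS,
        HOME_NET="[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12,203.0.113.0/24]",
    )
    return {
        "stock_vars_rule": header_matches(RULE_VARS, REMOTE_IP, WAN_IP, STOCK_VARS),
        "stock_any_rule": header_matches(RULE_ANY, REMOTE_IP, WAN_IP, STOCK_VARS),
        "stock_lan_dst": header_matches(RULE_VARS, REMOTE_IP, LAN_IP, STOCK_VARS),
        "wan_added_vars_rule": header_matches(RULE_VARS, REMOTE_IP, WAN_IP, wan_added),
    }

if __name__ == "__main__":
    for case, hit in evaluate().items():
        print(f"{case:22} {'match' if hit else 'no match'}")
```
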
someone
Full Member
Posts: 115
Karma: 2
Re: How to set IP for rules working
«
Reply #5 on:
November 22, 2024, 05:17:36 am »
Here is what I am hit with in less than ten minutes on a good day
Please, these IPs are spoofed
Someone else has the real IP
Everyone please don't bother grandma's router
Logged
jonny5
Newbie
Posts: 37
Karma: 3
Re: How to set IP for rules working
«
Reply #6 on:
November 22, 2024, 07:20:48 am »
I'm also a bit beside myself reading your messages...
The firewall appears to be working as expected
Do you have CrowdSec setup?
You don't have to manage your own block lists. They have three block lists you can subscribe to, and you can alias 'subscribe' block lists in OPNsense too.
Block lists help, but they are not a "fix". They can do as much damage as good.
Best wishes, use IDS and Firewall and enable the Firewall's list with your IDS/Suricata EVELOG Output Severity 1/2 TCP hits via CrowdSec, for free for one Security Engine
Logged
Patrick M. Hausen
Hero Member
Posts: 6848
Karma: 575
Re: How to set IP for rules working
«
Reply #7 on:
November 22, 2024, 08:03:21 am »
@someone you do not need Suricata to stay safe. A default OPNsense installation will block everything coming in on WAN. You cannot be hacked if you do not create any allow rules on the WAN interface.
It does not matter what people throw at you all day. It's blocked, so who cares?
To repeat:
- start with a fresh installation of OPNsense
- connect a single PC or a switch to LAN
- configure WAN for your ISP
- set a strong root password
Done. You are perfectly safe. It's impossible to "hack" you over the Internet. You do not need any additional configuration.
«
Last Edit: November 22, 2024, 08:44:42 am by Patrick M. Hausen
»
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
someone
Full Member
Posts: 115
Karma: 2
Re: How to set IP for rules working
«
Reply #8 on:
November 22, 2024, 04:59:41 pm »
Thank you
That would be nice
I was coming from iptables, OPNsense is a little different
And I saw two YouTube videos to set up OPNsense where they opened ports in the firewall
They said to get OPNsense to work, well I closed them, thanks for that info
I found the box I have been looking for and overlooked for so long
Preoccupied with getting hacked
The DHCP IP range is under interfaces > wan. > alias ipv4 box
Testing that one, worked just a few minutes ago, will test some more
Descriptions and documentation need work I think
Thanks for your help
That looks like correct box being under interfaces set to wan
when it mentions client I think in that case it refers to OPNsense
being a client of the ISP dhcp server
Going to start testing it now, thanks
«
Last Edit: November 22, 2024, 06:11:13 pm by someone
»
Logged