How to set IP for rules working

Started by someone, November 21, 2024, 07:50:23 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 21, 2024, 07:50:23 PM Last Edit: February 05, 2025, 06:33:41 PM by someone Reason: ADD
IF in static mode , place your static IP under interfaces
If in DHCP, several things, or if you have a static IP also
Place your IP in Intrusion Detection > Administration > Settings > Home Networks box
Put your  IP or range in the box
Behind a router can be a specific IP or range
If not behind a router can put your IP in the box
If you have a DHCP range, can put the range in the box
testing this and the rules are working without modifications
thanks
November 21, 2024, 09:12:15 PM #1
Sorry, mate ...

What the heck is this supposed to mean?

Most of your posts are an unstructured wall of text containing a lot of incoherent ramblings.

Nobody will be able to deduct from the text you wrote above what your actual question/problem might be.

Please invest some time to structure your posts on this forum so they are comprehensible for people who might have the knowledge to help you.

1. What am I trying to achieve? (motivation)
2. What did I do to achieve this? (*full* details about *all* configuration settings relevant to the issue)
3. What did I expect to happen with these settings?
4. What happens instead? (error messages, unexpected behaviour, log file excerpts, packet traces, etc.)

If you don't change the general way of your posts I seriously doubt anyone will try to help you in the future. We are all just OPNsense users helping each other in our spare time.

If you don't think it is worth your time to structure your posts in any way, I don't think it is worth my time to try and make sense of this gibberish. This particular post of yours is a prime example. It does not make any sense.

Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
November 22, 2024, 03:18:28 AM #2
Sorry, I will work on it
Have to understand I have spent the last year trying to be able to stay online for more than five minutes,
so its very hurried
And I may have a different approach at a problem or explanation
People have said that
November 22, 2024, 03:42:25 AM #3 Last Edit: November 22, 2024, 04:27:42 AM by someone
ok
Static IPs can be set up, and their rules work
Not DHCP, which doesnt use a single IP, it changes
For a person on DHCP, as you know has no static address
We set up in DHCP mode, no where is there an IP setup for DHCP that I have found
Well, in that case, $HOME_NET in the suricata rules will not work
Because $HOME_NET is not defined anywhere
There isnt any programming to link whatever is assigned by DHCP to the suricata rules that I have found
Therefore most of the rules do not work, Opnsense changed their rules sets
They changed $HOME_NET to any, which is a workaround kind of
Some rules already say that, any means any IP, so the rules apply to all incoming traffic
So anyone who is on true DHCP can have working rules, like I was
But trying to figure out a way to change ET rule sets
They have to come prepackaged, from a third party, to different suricata setups
So I think opnsense was working on a workaround and maybe still are
I found a box I dont understand and the documentation and desciption do not help
But
Staying in DHCP mode, have to pick one under interfaces
And you put your IP or range in this box
The rules work, in DHCP mode, and I dont know if I am misusing this box
Meaning is it actually for another purpose
So anyone in DHCP mode can put their ISP IP or range or multi range or router range in this box
And the rules work, I am still testing it
I am hoping someone knows what this box is actually for
Intrusion detection > administration > settings  then the Home Networks box
Unless there is something I am missing, I have been looking and testing on this for six months or more
on opnsense
If this box works this way, its what we are looking for, it defines $HOME_NET
It actually links what we put in that box to the suricata rules either as a Ip or range or multi range
thanks, still testing it
November 22, 2024, 04:20:48 AM #4
If anyone is wondering
the suricata yaml has to define $HOME_NET , which your static IP box will link it
In order to get the rules to work
drop IP $EXTERNAL_NET any ->  $HOME_NET any ... any here is port number
drop IP any any -> any any ... first any is any IP, second is port number
Doesnt really have to define $EXTERNAL_NET which already is treated as any meaning any IP by default
Unless defined otherwise for say networking
we cant change the suricata yaml
It gets overwritten on rebooot, now thats a security measure and I like it
November 22, 2024, 05:17:36 AM #5
Here is what I am hit with in less than ten minutes on a good day
2024-11-21T21:32:01.087831-0600   5000050   blocked   WAN   66.240.236.116   38497   my_IP   445   Bad_guys17   
2024-11-21T21:32:01.087831-0600   5000050   blocked   WAN   66.240.236.116   38497   my_IP   445   Bad_guys17   
2024-11-21T21:31:53.437637-0600   5000035   blocked   WAN   79.110.62.140   49811   my_IP   49829   Bad_guys12   
2024-11-21T21:31:53.437637-0600   5000046   blocked   WAN   79.110.62.140   49811   my_IP   49829   Bad_guys10   
2024-11-21T21:31:53.437637-0600   5000043   blocked   WAN   79.110.62.140   49811   my_IP   49829   Bad_guys7   
2024-11-21T21:31:53.437637-0600   5000042   blocked   WAN   79.110.62.140   49811   my_IP   49829   Bad_guys6   
2024-11-21T21:31:53.437637-0600   5000035   blocked   WAN   79.110.62.140   49811   my_IP   49829   Bad_guys12   
2024-11-21T21:31:53.402830-0600   2008578   blocked   WAN   185.243.5.55   5142   my_IP   5060   ET SCAN Sipvicious Scan   
2024-11-21T21:31:53.402830-0600   2525003   blocked   WAN   185.243.5.55   5142   my_IP   5060   ET 3CORESec Poor Reputation IP group 4   
2024-11-21T21:31:53.402830-0600   2011716   blocked   WAN   185.243.5.55   5142   my_IP   5060   ET SCAN Sipvicious User-Agent Detected (friendly-scanner)   
2024-11-21T21:31:53.402830-0600   2008578   blocked   WAN   185.243.5.55   5142   my_IP   5060   ET SCAN Sipvicious Scan   
2024-11-21T21:31:29.169601-0600   5000035   blocked   WAN   79.110.62.140   49811   my_IP   58555   Bad_guys12   
2024-11-21T21:31:29.169601-0600   5000046   blocked   WAN   79.110.62.140   49811   my_IP   58555   Bad_guys10   
2024-11-21T21:31:29.169601-0600   5000043   blocked   WAN   79.110.62.140   49811   my_IP   58555   Bad_guys7   
2024-11-21T21:31:29.169601-0600   5000042   blocked   WAN   79.110.62.140   49811   my_IP   58555   Bad_guys6   
2024-11-21T21:31:29.169601-0600   5000035   blocked   WAN   79.110.62.140   49811   my_IP   58555   Bad_guys12   
2024-11-21T21:31:24.546846-0600   5000035   blocked   WAN   79.110.62.195   45137   my_IP   30558   Bad_guys12   
2024-11-21T21:31:24.546846-0600   5000046   blocked   WAN   79.110.62.195   45137   my_IP   30558   Bad_guys10   
2024-11-21T21:31:24.546846-0600   5000043   blocked   WAN   79.110.62.195   45137   my_IP   30558   Bad_guys7   
2024-11-21T21:31:24.546846-0600   5000042   blocked   WAN   79.110.62.195   45137   my_IP   30558   Bad_guys6   
2024-11-21T21:31:24.546846-0600   5000035   blocked   WAN   79.110.62.195   45137   my_IP   30558   Bad_guys12   
2024-11-21T21:31:22.424220-0600   2010935   blocked   WAN   186.4.216.42   54881   my_IP   1433   ET SCAN Suspicious inbound to MSSQL port 1433   
2024-11-21T21:31:22.424220-0600   2010935   blocked   WAN   186.4.216.42   54881   my_IP   1433   ET SCAN Suspicious inbound to MSSQL port 1433   
2024-11-21T21:31:20.080679-0600   5000039   blocked   WAN   179.43.139.98   54454   my_IP   37807   Bad_guys3   
2024-11-21T21:31:20.080679-0600   5000044   blocked   WAN   179.43.139.98   54454   my_IP   37807   Bad_guys8   
2024-11-21T21:31:20.080679-0600   5000039   blocked   WAN   179.43.139.98   54454   my_IP   37807   Bad_guys3   
2024-11-21T21:31:17.860540-0600   5000035   blocked   WAN   45.84.89.2   63004   my_IP   1080   Bad_guys12   
2024-11-21T21:31:17.860540-0600   5000046   blocked   WAN   45.84.89.2   63004   my_IP   1080   Bad_guys10   
2024-11-21T21:31:17.860540-0600   5000043   blocked   WAN   45.84.89.2   63004   my_IP   1080   Bad_guys7   
2024-11-21T21:31:17.860540-0600   5000042   blocked   WAN   45.84.89.2   63004   my_IP   1080   Bad_guys6   
2024-11-21T21:31:17.860540-0600   5000041   blocked   WAN   45.84.89.2   63004   my_IP   1080   Bad_guys5   
2024-11-21T21:31:17.860540-0600   5000035   blocked   WAN   45.84.89.2   63004   my_IP   1080   Bad_guys12   
2024-11-21T21:31:00.447356-0600   5000035   blocked   WAN   79.110.62.140   49811   my_IP   50132   Bad_guys12   
2024-11-21T21:31:00.447356-0600   5000046   blocked   WAN   79.110.62.140   49811   my_IP   50132   Bad_guys10   
2024-11-21T21:31:00.447356-0600   5000043   blocked   WAN   79.110.62.140   49811   my_IP   50132   Bad_guys7   
2024-11-21T21:31:00.447356-0600   5000042   blocked   WAN   79.110.62.140   49811   my_IP   50132   Bad_guys6   
2024-11-21T21:31:00.447356-0600   5000035   blocked   WAN   79.110.62.140   49811   my_IP   50132   Bad_guys12   
2024-11-21T21:30:58.546470-0600   2402000   blocked   WAN   205.210.31.164   57106   my_IP   53300   ET DROP Dshield Block Listed Source group 1   
2024-11-21T21:30:58.546470-0600   5000046   blocked   WAN   205.210.31.164   57106   my_IP   53300   Bad_guys10   
2024-11-21T21:30:58.546470-0600   5000041   blocked   WAN   205.210.31.164   57106   my_IP   53300   Bad_guys5   
2024-11-21T21:30:58.546470-0600   5000039   blocked   WAN   205.210.31.164   57106   my_IP   53300   Bad_guys3   
2024-11-21T21:30:58.546470-0600   5000037   blocked   WAN   205.210.31.164   57106   my_IP   53300   Bad_guys1   
2024-11-21T21:30:58.546470-0600   2402000   blocked   WAN   205.210.31.164   57106   my_IP   53300   ET DROP Dshield Block Listed Source group 1   
2024-11-21T21:30:55.264473-0600   5000035   blocked   WAN   79.110.62.140   49811   my_IP   59346   Bad_guys12   
2024-11-21T21:30:55.264473-0600   5000046   blocked   WAN   79.110.62.140   49811   my_IP   59346   Bad_guys10   
2024-11-21T21:30:55.264473-0600   5000043   blocked   WAN   79.110.62.140   49811   my_IP   59346   Bad_guys7   
2024-11-21T21:30:55.264473-0600   5000042   blocked   WAN   79.110.62.140   49811   my_IP   59346   Bad_guys6   
2024-11-21T21:30:55.264473-0600   5000035   blocked   WAN   79.110.62.140   49811   my_IP   59346   Bad_guys12   
2024-11-21T21:30:13.517319-0600   2402000   blocked   WAN   193.163.125.5   53704   my_IP   21118   ET DROP Dshield Block Listed Source group 1   
2024-11-21T21:30:13.517319-0600   5000046   blocked   WAN   193.163.125.5   53704   my_IP   21118   Bad_guys10   
2024-11-21T21:30:13.517319-0600   5000042   blocked   WAN   193.163.125.5   53704   my_IP   21118   Bad_guys6   
2024-11-21T21:30:13.517319-0600   5000041   blocked   WAN   193.163.125.5   53704   my_IP   21118   Bad_guys5   
2024-11-21T21:30:13.517319-0600   5000039   blocked   WAN   193.163.125.5   53704   my_IP   21118   Bad_guys3   
2024-11-21T21:30:13.517319-0600   2402000   blocked   WAN   193.163.125.5   53704   my_IP   21118   ET DROP Dshield Block Listed Source group 1   
2024-11-21T21:29:56.864399-0600   5000035   blocked   WAN   79.110.62.140   49811   my_IP   55100   Bad_guys12   
2024-11-21T21:29:56.864399-0600   5000046   blocked   WAN   79.110.62.140   49811   my_IP   55100   Bad_guys10   
2024-11-21T21:29:56.864399-0600   5000043   blocked   WAN   79.110.62.140   49811   my_IP   55100   Bad_guys7   
2024-11-21T21:29:56.864399-0600   5000042   blocked   WAN   79.110.62.140   49811   my_IP   55100   Bad_guys6   
2024-11-21T21:29:56.864399-0600   5000035   blocked   WAN   79.110.62.140   49811   my_IP   55100   Bad_guys12   
2024-11-21T21:29:36.890452-0600   5000039   blocked   WAN   193.163.125.9   43151   my_IP   8301   Bad_guys3   
2024-11-21T21:29:36.890452-0600   5000046   blocked   WAN   193.163.125.9   43151   my_IP   8301   Bad_guys10   
2024-11-21T21:29:36.890452-0600   5000042   blocked   WAN   193.163.125.9   43151   my_IP   8301   Bad_guys6   
2024-11-21T21:29:36.890452-0600   5000041   blocked   WAN   193.163.125.9   43151   my_IP   8301   Bad_guys5   
2024-11-21T21:29:36.890452-0600   5000039   blocked   WAN   193.163.125.9   43151   my_IP   8301   Bad_guys3   
2024-11-21T21:29:32.591337-0600   5000039   blocked   WAN   179.43.147.58   44179   my_IP   14381   Bad_guys3   
2024-11-21T21:29:32.591337-0600   5000044   blocked   WAN   179.43.147.58   44179   my_IP   14381   Bad_guys8   
2024-11-21T21:29:32.591337-0600   5000039   blocked   WAN   179.43.147.58   44179   my_IP   14381   Bad_guys3   
2024-11-21T21:29:15.146145-0600   5000039   blocked   WAN   179.43.139.98   48664   my_IP   37806   Bad_guys3   
2024-11-21T21:29:15.146145-0600   5000044   blocked   WAN   179.43.139.98   48664   my_IP   37806   Bad_guys8   
2024-11-21T21:29:15.146145-0600   5000039   blocked   WAN   179.43.139.98   48664   my_IP   37806   Bad_guys3   
2024-11-21T21:29:04.828085-0600   5000019   blocked   WAN   4.156.236.151   59944   my_IP   81   Snort DROP Listed Traffic Inbound group 43   
2024-11-21T21:29:04.828085-0600   5000029   blocked   WAN   4.156.236.151   59944   my_IP   81   4.0.0.0/8   
2024-11-21T21:29:04.828085-0600   2403304   blocked   WAN   4.156.236.151   59944   my_IP   81   ET CINS Active Threat Intelligence Poor Reputation IP group 5   
2024-11-21T21:29:04.828085-0600   5000019   blocked   WAN   4.156.236.151   59944   my_IP   81   Snort DROP Listed Traffic Inbound group 43   
2024-11-21T21:29:00.694520-0600   2400008   blocked   WAN   83.222.190.66   54567   my_IP   9823   ET DROP Spamhaus DROP Listed Traffic Inbound group 9   
2024-11-21T21:29:00.694520-0600   5000046   blocked   WAN   83.222.190.66   54567   my_IP   9823   Bad_guys10   
2024-11-21T21:29:00.694520-0600   5000044   blocked   WAN   83.222.190.66   54567   my_IP   9823   Bad_guys8   
2024-11-21T21:29:00.694520-0600   5000042   blocked   WAN   83.222.190.66   54567   my_IP   9823   Bad_guys6   
2024-11-21T21:29:00.694520-0600   5000041   blocked   WAN   83.222.190.66   54567   my_IP   9823   Bad_guys5   
2024-11-21T21:29:00.694520-0600   5000039   blocked   WAN   83.222.190.66   54567   my_IP   9823   Bad_guys3   
2024-11-21T21:29:00.694520-0600   5000038   blocked   WAN   83.222.190.66   54567   my_IP   9823   Bad_guys2   
2024-11-21T21:29:00.694520-0600   5000036   blocked   WAN   83.222.190.66   54567   my_IP   9823   Bad_guys13   
2024-11-21T21:29:00.694520-0600   5000035   blocked   WAN   83.222.190.66   54567   my_IP   9823   Bad_guys12   
2024-11-21T21:29:00.694520-0600   2400008   blocked   WAN   83.222.190.66   54567   my_IP   9823   ET DROP Spamhaus DROP Listed Traffic Inbound group 9   
2024-11-21T21:28:58.895105-0600   5000034   blocked   WAN   34.117.188.166   443   my_IP   38843   Bad_guys11   
2024-11-21T21:28:58.895105-0600   5000040   blocked   WAN   34.117.188.166   443   my_IP   38843   Bad_guys4   
2024-11-21T21:28:58.895105-0600   5000034   blocked   WAN   34.117.188.166   443   my_IP   38843   Bad_guys11   
2024-11-21T21:28:58.643905-0600   5000034   blocked   WAN   34.117.188.166   443   my_IP   5622   Bad_guys11   
2024-11-21T21:28:58.643905-0600   5000040   blocked   WAN   34.117.188.166   443   my_IP   5622   Bad_guys4   
2024-11-21T21:28:58.643905-0600   5000034   blocked   WAN   34.117.188.166   443   my_IP   5622   Bad_guys11   
2024-11-21T21:28:36.973944-0600   5000047   blocked   WAN   59.21.114.141   49954   my_IP   23   Bad_guys14   
2024-11-21T21:28:36.973944-0600   5000047   blocked   WAN   59.21.114.141   49954   my_IP   23   Bad_guys14   
2024-11-21T21:28:36.601325-0600   5000034   blocked   WAN   34.117.188.166   443   my_IP   40564   Bad_guys11   
2024-11-21T21:28:36.601325-0600   5000040   blocked   WAN   34.117.188.166   443   my_IP   40564   Bad_guys4   
2024-11-21T21:28:36.601325-0600   5000034   blocked   WAN   34.117.188.166   443   my_IP   40564   Bad_guys11   
2024-11-21T21:28:36.600742-0600   5000034   blocked   WAN   34.117.188.166   443   my_IP   41344   Bad_guys11   
2024-11-21T21:28:36.600742-0600   5000040   blocked   WAN   34.117.188.166   443   my_IP   41344   Bad_guys4   
2024-11-21T21:28:36.600742-0600   5000034   blocked   WAN   34.117.188.166   443   my_IP   41344   Bad_guys11   
2024-11-21T21:28:36.246647-0600   2402000   blocked   WAN   147.185.133.6   56925   my_IP   58022   ET DROP Dshield Block Listed Source group 1   
2024-11-21T21:28:36.246647-0600   5000041   blocked   WAN   147.185.133.6   56925   my_IP   58022   Bad_guys5   
2024-11-21T21:28:36.246647-0600   5000038   blocked   WAN   147.185.133.6   56925   my_IP   58022   Bad_guys2   
2024-11-21T21:28:36.246647-0600   5000037   blocked   WAN   147.185.133.6   56925   my_IP   58022   Bad_guys1   
2024-11-21T21:28:36.246647-0600   2402000   blocked   WAN   147.185.133.6   56925   my_IP   58022   ET DROP Dshield Block Listed Source group 1   
2024-11-21T21:28:25.983255-0600   2402000   blocked   WAN   147.185.132.147   54054   my_IP   5060   ET DROP Dshield Block Listed Source group 1   
2024-11-21T21:28:25.983255-0600   5000041   blocked   WAN   147.185.132.147   54054   my_IP   5060   Bad_guys5   
2024-11-21T21:28:25.983255-0600   5000038   blocked   WAN   147.185.132.147   54054   my_IP   5060   Bad_guys2   
2024-11-21T21:28:25.983255-0600   5000037   blocked   WAN   147.185.132.147   54054   my_IP   5060   Bad_guys1   
2024-11-21T21:28:25.983255-0600   2402000   blocked   WAN   147.185.132.147   54054   my_IP   5060   ET DROP Dshield Block Listed Source group 1   
2024-11-21T21:28:05.956042-0600   5000037   blocked   WAN   205.210.31.36   53339   my_IP   2121   Bad_guys1   
2024-11-21T21:28:05.956042-0600   5000046   blocked   WAN   205.210.31.36   53339   my_IP   2121   Bad_guys10   
2024-11-21T21:28:05.956042-0600   5000041   blocked   WAN   205.210.31.36   53339   my_IP   2121   Bad_guys5   
2024-11-21T21:28:05.956042-0600   5000039   blocked   WAN   205.210.31.36   53339   my_IP   2121   Bad_guys3   
2024-11-21T21:28:05.956042-0600   5000037   blocked   WAN   205.210.31.36   53339   my_IP   2121   Bad_guys1   
2024-11-21T21:28:00.783555-0600   5000035   blocked   WAN   79.110.62.140   49811   my_IP   52855   Bad_guys12   
2024-11-21T21:28:00.783555-0600   5000046   blocked   WAN   79.110.62.140   49811   my_IP   52855   Bad_guys10   
2024-11-21T21:28:00.783555-0600   5000043   blocked   WAN   79.110.62.140   49811   my_IP   52855   Bad_guys7   
2024-11-21T21:28:00.783555-0600   5000042   blocked   WAN   79.110.62.140   49811   my_IP   52855   Bad_guys6   
2024-11-21T21:28:00.783555-0600   5000035   blocked   WAN   79.110.62.140   49811   my_IP   52855   Bad_guys12   
2024-11-21T21:27:50.296555-0600   5000046   blocked   WAN   185.224.128.17   43389   my_IP   80   Bad_guys10   
2024-11-21T21:27:50.296555-0600   5000046   blocked   WAN   185.224.128.17   43389   my_IP   80   Bad_guys10   
2024-11-21T21:27:45.326065-0600   5000048   blocked   WAN   118.37.157.169   55167   my_IP   6006   Bad_guys15   
2024-11-21T21:27:45.326065-0600   5000048   blocked   WAN   118.37.157.169   55167   my_IP   6006   Bad_guys15   
2024-11-21T21:27:39.650442-0600   2402000   blocked   WAN   205.210.31.25   54040   my_IP   9997   ET DROP Dshield Block Listed Source group 1   
2024-11-21T21:27:39.650442-0600   5000046   blocked   WAN   205.210.31.25   54040   my_IP   9997   Bad_guys10   
2024-11-21T21:27:39.650442-0600   5000041   blocked   WAN   205.210.31.25   54040   my_IP   9997   Bad_guys5   
2024-11-21T21:27:39.650442-0600   5000039   blocked   WAN   205.210.31.25   54040   my_IP   9997   Bad_guys3   
2024-11-21T21:27:39.650442-0600   5000037   blocked   WAN   205.210.31.25   54040   my_IP   9997   Bad_guys1   
2024-11-21T21:27:39.650442-0600   2402000   blocked   WAN   205.210.31.25   54040   my_IP   9997   ET DROP Dshield Block Listed Source group 1   
2024-11-21T21:27:38.143329-0600   5000035   blocked   WAN   83.222.191.170   50106   my_IP   65379   Bad_guys12   
2024-11-21T21:27:38.143329-0600   5000046   blocked   WAN   83.222.191.170   50106   my_IP   65379   Bad_guys10   
2024-11-21T21:27:38.143329-0600   5000044   blocked   WAN   83.222.191.170   50106   my_IP   65379   Bad_guys8   
2024-11-21T21:27:38.143329-0600   5000042   blocked   WAN   83.222.191.170   50106   my_IP   65379   Bad_guys6   
2024-11-21T21:27:38.143329-0600   5000041   blocked   WAN   83.222.191.170   50106   my_IP   65379   Bad_guys5   
2024-11-21T21:27:38.143329-0600   5000039   blocked   WAN   83.222.191.170   50106   my_IP   65379   Bad_guys3   
2024-11-21T21:27:38.143329-0600   5000038   blocked   WAN   83.222.191.170   50106   my_IP   65379   Bad_guys2   
2024-11-21T21:27:38.143329-0600   5000036   blocked   WAN   83.222.191.170   50106   my_IP   65379   Bad_guys13   
2024-11-21T21:27:38.143329-0600   5000035   blocked   WAN   83.222.191.170   50106   my_IP   65379   Bad_guys12   
2024-11-21T21:27:30.170820-0600   5000035   blocked   WAN   79.124.49.130   48122   my_IP   4074   Bad_guys12   
2024-11-21T21:27:30.170820-0600   5000035   blocked   WAN   79.124.49.130   48122   my_IP   4074   Bad_guys12   
2024-11-21T21:27:28.711586-0600   5000034   blocked   WAN   34.117.188.166   443   my_IP   64280   Bad_guys11   
2024-11-21T21:27:28.711586-0600   5000040   blocked   WAN   34.117.188.166   443   my_IP   64280   Bad_guys4   
2024-11-21T21:27:28.711586-0600   5000034   blocked   WAN   34.117.188.166   443   my_IP   64280   Bad_guys11   
2024-11-21T21:27:28.461897-0600   5000034   blocked   WAN   34.117.188.166   443   my_IP   52628   Bad_guys11   
2024-11-21T21:27:28.461897-0600   5000040   blocked   WAN   34.117.188.166   443   my_IP   52628   Bad_guys4   
2024-11-21T21:27:28.461897-0600   5000034   blocked   WAN   34.117.188.166   443   my_IP   52628   Bad_guys11   
2024-11-21T21:27:18.970428-0600   5000035   blocked   WAN   79.110.62.140   49811   my_IP   51275   Bad_guys12   
2024-11-21T21:27:18.970428-0600   5000046   blocked   WAN   79.110.62.140   49811   my_IP   51275   Bad_guys10   
2024-11-21T21:27:18.970428-0600   5000043   blocked   WAN   79.110.62.140   49811   my_IP   51275   Bad_guys7   
2024-11-21T21:27:18.970428-0600   5000042   blocked   WAN   79.110.62.140   49811   my_IP   51275   Bad_guys6   
2024-11-21T21:27:18.970428-0600   5000035   blocked   WAN   79.110.62.140   49811   my_IP   51275   Bad_guys12   
2024-11-21T21:27:17.171683-0600   2400032   blocked   WAN   185.234.216.19   59725   my_IP   4769   ET DROP Spamhaus DROP Listed Traffic Inbound group 33   
2024-11-21T21:27:17.171683-0600   5000046   blocked   WAN   185.234.216.19   59725   my_IP   4769   Bad_guys10   
2024-11-21T21:27:17.171683-0600   5000044   blocked   WAN   185.234.216.19   59725   my_IP   4769   Bad_guys8   
2024-11-21T21:27:17.171683-0600   2402000   blocked   WAN   185.234.216.19   59725   my_IP   4769   ET DROP Dshield Block Listed Source group 1   
2024-11-21T21:27:17.171683-0600   2400032   blocked   WAN   185.234.216.19   59725   my_IP   4769   ET DROP Spamhaus DROP Listed Traffic Inbound group 33   
2024-11-21T21:27:01.057343-0600   2525003   blocked   WAN   185.208.156.160   59483   my_IP   443   ET 3CORESec Poor Reputation IP group 4   
2024-11-21T21:27:01.057343-0600   2525003   blocked   WAN   185.208.156.160   59483   my_IP   443   ET 3CORESec Poor Reputation IP group 4   
2024-11-21T21:26:45.776136-0600   5000035   blocked   WAN   79.110.62.52   41013   my_IP   48123   Bad_guys12   
2024-11-21T21:26:45.776136-0600   5000046   blocked   WAN   79.110.62.52   41013   my_IP   48123   Bad_guys10   
2024-11-21T21:26:45.776136-0600   5000043   blocked   WAN   79.110.62.52   41013   my_IP   48123   Bad_guys7   
2024-11-21T21:26:45.776136-0600   5000042   blocked   WAN   79.110.62.52   41013   my_IP   48123   Bad_guys6   
2024-11-21T21:26:45.776136-0600   5000035   blocked   WAN   79.110.62.52   41013   my_IP   48123   Bad_guys12   
2024-11-21T21:26:34.440991-0600   5000035   blocked   WAN   154.213.192.15   44872   my_IP   25565   Bad_guys12   
2024-11-21T21:26:34.440991-0600   5000044   blocked   WAN   154.213.192.15   44872   my_IP   25565   Bad_guys8   
2024-11-21T21:26:34.440991-0600   5000041   blocked   WAN   154.213.192.15   44872   my_IP   25565   Bad_guys5   
2024-11-21T21:26:34.440991-0600   5000040   blocked   WAN   154.213.192.15   44872   my_IP   25565   Bad_guys4   
2024-11-21T21:26:34.440991-0600   5000039   blocked   WAN   154.213.192.15   44872   my_IP   25565   Bad_guys3   
2024-11-21T21:26:34.440991-0600   5000035   blocked   WAN   154.213.192.15   44872   my_IP   25565   Bad_guys12   
2024-11-21T21:26:32.965413-0600   5000039   blocked   WAN   179.43.139.98   54123   my_IP   37805   Bad_guys3   
2024-11-21T21:26:32.965413-0600   5000044   blocked   WAN   179.43.139.98   54123   my_IP   37805   Bad_guys8   
2024-11-21T21:26:32.965413-0600   5000039   blocked   WAN   179.43.139.98   54123   my_IP   37805   Bad_guys3   
2024-11-21T21:26:30.295645-0600   5000035   blocked   WAN   83.222.190.230   52075   my_IP   2331   Bad_guys12   
2024-11-21T21:26:30.295645-0600   5000046   blocked   WAN   83.222.190.230   52075   my_IP   2331   Bad_guys10   
2024-11-21T21:26:30.295645-0600   5000044   blocked   WAN   83.222.190.230   52075   my_IP   2331   Bad_guys8   
2024-11-21T21:26:30.295645-0600   5000042   blocked   WAN   83.222.190.230   52075   my_IP   2331   Bad_guys6   
2024-11-21T21:26:30.295645-0600   5000041   blocked   WAN   83.222.190.230   52075   my_IP   2331   Bad_guys5   
2024-11-21T21:26:30.295645-0600   5000039   blocked   WAN   83.222.190.230   52075   my_IP   2331   Bad_guys3   
2024-11-21T21:26:30.295645-0600   5000038   blocked   WAN   83.222.190.230   52075   my_IP   2331   Bad_guys2   
2024-11-21T21:26:30.295645-0600   5000036   blocked   WAN   83.222.190.230   52075   my_IP   2331   Bad_guys13   
2024-11-21T21:26:30.295645-0600   5000035   blocked   WAN   83.222.190.230   52075   my_IP   2331   Bad_guys12   
2024-11-21T21:26:17.547319-0600   2402000   blocked   WAN   198.235.24.206   52676   my_IP   111   ET DROP Dshield Block Listed Source group 1   
2024-11-21T21:26:17.547319-0600   5000044   blocked   WAN   198.235.24.206   52676   my_IP   111   Bad_guys8   
2024-11-21T21:26:17.547319-0600   5000042   blocked   WAN   198.235.24.206   52676   my_IP   111   Bad_guys6   
2024-11-21T21:26:17.547319-0600   5000041   blocked   WAN   198.235.24.206   52676   my_IP   111   Bad_guys5   
2024-11-21T21:26:17.547319-0600   5000037   blocked   WAN   198.235.24.206   52676   my_IP   111   Bad_guys1   
2024-11-21T21:26:17.547319-0600   2402000   blocked   WAN   198.235.24.206   52676   my_IP   111   ET DROP Dshield Block Listed Source group 1   
2024-11-21T21:26:02.737289-0600   2400007   blocked   WAN   80.64.30.32   49357   my_IP   54280   ET DROP Spamhaus DROP Listed Traffic Inbound group 8   
2024-11-21T21:26:02.737289-0600   2400007   blocked   WAN   80.64.30.32   49357   my_IP   54280   ET DROP Spamhaus DROP Listed Traffic Inbound group 8   
2024-11-21T21:25:35.208202-0600   2400007   blocked   WAN   79.110.62.144   44497   my_IP   42587   ET DROP Spamhaus DROP Listed Traffic Inbound group 8   
2024-11-21T21:25:35.208202-0600   5000046   blocked   WAN   79.110.62.144   44497   my_IP   42587   Bad_guys10   
2024-11-21T21:25:35.208202-0600   5000043   blocked   WAN   79.110.62.144   44497   my_IP   42587   Bad_guys7   
2024-11-21T21:25:35.208202-0600   5000042   blocked   WAN   79.110.62.144   44497   my_IP   42587   Bad_guys6   
2024-11-21T21:25:35.208202-0600   5000035   blocked   WAN   79.110.62.144   44497   my_IP   42587   Bad_guys12   
2024-11-21T21:25:35.208202-0600   2400007   blocked   WAN   79.110.62.144   44497   my_IP   42587   ET DROP Spamhaus DROP Listed Traffic Inbound group 8   
2024-11-21T21:25:33.648226-0600   2400008   blocked   WAN   85.209.11.184   40003   my_IP   5330   ET DROP Spamhaus DROP Listed Traffic Inbound group 9   
2024-11-21T21:25:33.648226-0600   5000039   blocked   WAN   85.209.11.184   40003   my_IP   5330   Bad_guys3   
2024-11-21T21:25:33.648226-0600   5000036   blocked   WAN   85.209.11.184   40003   my_IP   5330   Bad_guys13   
2024-11-21T21:25:33.648226-0600   5000035   blocked   WAN   85.209.11.184   40003   my_IP   5330   Bad_guys12   
2024-11-21T21:25:33.648226-0600   2402000   blocked   WAN   85.209.11.184   40003   my_IP   5330   ET DROP Dshield Block Listed Source group 1   
2024-11-21T21:25:33.648226-0600   2400008   blocked   WAN   85.209.11.184   40003   my_IP   5330   ET DROP Spamhaus DROP Listed Traffic Inbound group 9   
2024-11-21T21:25:18.553998-0600   2402000   blocked   WAN   198.235.24.176   54811   my_IP   5906   ET DROP Dshield Block Listed Source group 1   
2024-11-21T21:25:18.553998-0600   5000044   blocked   WAN   198.235.24.176   54811   my_IP   5906   Bad_guys8   
2024-11-21T21:25:18.553998-0600   5000042   blocked   WAN   198.235.24.176   54811   my_IP   5906   Bad_guys6   
2024-11-21T21:25:18.553998-0600   5000041   blocked   WAN   198.235.24.176   54811   my_IP   5906   Bad_guys5   
2024-11-21T21:25:18.553998-0600   5000037   blocked   WAN   198.235.24.176   54811   my_IP   5906   Bad_guys1   
2024-11-21T21:25:18.553998-0600   2402000   blocked   WAN   198.235.24.176   54811   my_IP   5906   ET DROP Dshield Block Listed Source group 1   
2024-11-21T21:25:17.522659-0600   5000035   blocked   WAN   79.110.62.155   45071   my_IP   12590   Bad_guys12   
2024-11-21T21:25:17.522659-0600   5000046   blocked   WAN   79.110.62.155   45071   my_IP   12590   Bad_guys10   
2024-11-21T21:25:17.522659-0600   5000043   blocked   WAN   79.110.62.155   45071   my_IP   12590   Bad_guys7   
2024-11-21T21:25:17.522659-0600   5000042   blocked   WAN   79.110.62.155   45071   my_IP   12590   Bad_guys6   
2024-11-21T21:25:17.522659-0600   5000035   blocked   WAN   79.110.62.155   45071   my_IP   12590   Bad_guys12   
2024-11-21T21:24:56.672440-0600   5000037   blocked   WAN   64.62.197.236   47414   my_IP   80   Bad_guys1   
2024-11-21T21:24:56.672440-0600   5000042   blocked   WAN   64.62.197.236   47414   my_IP   80   Bad_guys6   
2024-11-21T21:24:56.672440-0600   5000041   blocked   WAN   64.62.197.236   47414   my_IP   80   Bad_guys5   
2024-11-21T21:24:56.672440-0600   5000037   blocked   WAN   64.62.197.236   47414   my_IP   80   Bad_guys1   
2024-11-21T21:24:56.430165-0600   5000035   blocked   WAN   79.110.62.140   49811   my_IP   56259   Bad_guys12   
2024-11-21T21:24:56.430165-0600   5000046   blocked   WAN   79.110.62.140   49811   my_IP   56259   Bad_guys10   
2024-11-21T21:24:56.430165-0600   5000043   blocked   WAN   79.110.62.140   49811   my_IP   56259   Bad_guys7   
2024-11-21T21:24:56.430165-0600   5000042   blocked   WAN   79.110.62.140   49811   my_IP   56259   Bad_guys6   
2024-11-21T21:24:56.430165-0600   5000035   blocked   WAN   79.110.62.140   49811   my_IP   56259   Bad_guys12   
2024-11-21T21:24:54.052022-0600   5000035   blocked   WAN   79.110.62.194   44699   my_IP   24534   Bad_guys12   
2024-11-21T21:24:54.052022-0600   5000046   blocked   WAN   79.110.62.194   44699   my_IP   24534   Bad_guys10   
2024-11-21T21:24:54.052022-0600   5000043   blocked   WAN   79.110.62.194   44699   my_IP   24534   Bad_guys7   
2024-11-21T21:24:54.052022-0600   5000042   blocked   WAN   79.110.62.194   44699   my_IP   24534   Bad_guys6   
2024-11-21T21:24:54.052022-0600   5000035   blocked   WAN   79.110.62.194   44699   my_IP   24534   Bad_guys12   
2024-11-21T21:24:52.154735-0600   2402000   blocked   WAN   167.94.138.159   53843   my_IP   8880   ET DROP Dshield Block Listed Source group 1   
2024-11-21T21:24:52.154735-0600   5000046   blocked   WAN   167.94.138.159   53843   my_IP   8880   Bad_guys10   
2024-11-21T21:24:52.154735-0600   5000044   blocked   WAN   167.94.138.159   53843   my_IP   8880   Bad_guys8   
2024-11-21T21:24:52.154735-0600   5000043   blocked   WAN   167.94.138.159   53843   my_IP   8880   Bad_guys7   
2024-11-21T21:24:52.154735-0600   5000042   blocked   WAN   167.94.138.159   53843   my_IP   8880   Bad_guys6   
2024-11-21T21:24:52.154735-0600   5000038   blocked   WAN   167.94.138.159   53843   my_IP   8880   Bad_guys2   
2024-11-21T21:24:52.154735-0600   5000037   blocked   WAN   167.94.138.159   53843   my_IP   8880   Bad_guys1   
2024-11-21T21:24:52.154735-0600   5000036   blocked   WAN   167.94.138.159   53843   my_IP   8880   Bad_guys13   
2024-11-21T21:24:52.154735-0600   2402000   blocked   WAN   167.94.138.159   53843   my_IP   8880   ET DROP Dshield Block Listed Source group 1   
2024-11-21T21:24:33.393256-0600   5000035   blocked   WAN   79.110.62.140   49811   my_IP   59494   Bad_guys12   
2024-11-21T21:24:33.393256-0600   5000046   blocked   WAN   79.110.62.140   49811   my_IP   59494   Bad_guys10   
2024-11-21T21:24:33.393256-0600   5000043   blocked   WAN   79.110.62.140   49811   my_IP   59494   Bad_guys7   
2024-11-21T21:24:33.393256-0600   5000042   blocked   WAN   79.110.62.140   49811   my_IP   59494   Bad_guys6   
2024-11-21T21:24:33.393256-0600   5000035   blocked   WAN   79.110.62.140   49811   my_IP   59494   Bad_guys12   
2024-11-21T21:24:29.140284-0600   5000035   blocked   WAN   79.110.62.140   49811   my_IP   56629   Bad_guys12   
2024-11-21T21:24:29.140284-0600   5000046   blocked   WAN   79.110.62.140   49811   my_IP   56629   Bad_guys10   
2024-11-21T21:24:29.140284-0600   5000043   blocked   WAN   79.110.62.140   49811   my_IP   56629   Bad_guys7   
2024-11-21T21:24:29.140284-0600   5000042   blocked   WAN   79.110.62.140   49811   my_IP   56629   Bad_guys6   
2024-11-21T21:24:29.140284-0600   5000035   blocked   WAN   79.110.62.140   49811   my_IP   56629   Bad_guys12   
2024-11-21T21:24:22.046274-0600   2402000   blocked   WAN   147.185.133.40   57013   my_IP   49687   ET DROP Dshield Block Listed Source group 1   
2024-11-21T21:24:22.046274-0600   5000041   blocked   WAN   147.185.133.40   57013   my_IP   49687   Bad_guys5   
2024-11-21T21:24:22.046274-0600   5000038   blocked   WAN   147.185.133.40   57013   my_IP   49687   Bad_guys2   
2024-11-21T21:24:22.046274-0600   5000037   blocked   WAN   147.185.133.40   57013   my_IP   49687   Bad_guys1   
2024-11-21T21:24:22.046274-0600   2402000   blocked   WAN   147.185.133.40   57013   my_IP   49687   ET DROP Dshield Block Listed Source group 1   
2024-11-21T21:24:21.877643-0600   2400023   blocked   WAN   154.213.184.18   32905   my_IP   1085   ET DROP Spamhaus DROP Listed Traffic Inbound group 24

Please these IPs are spoofed
Someone else has the real IP
Everyone please dont bother grandma;s router
November 22, 2024, 07:20:48 AM #6
I'm also a bit beside myself reading your messages...

The firewall appears to be working as expected

Do you have CrowdSec setup?

You don't have to manage your own block lists. They have three block lists you can subscribe to, and you can alias 'subscribe' block lists in OPNSense too.

Block lists help, but they are not a "fix". They can do as much damage as good.

Best wishes, use IDS and Firewall and enable the Firewall's list with your IDS/Suricata EVELOG Output Severity 1/2 TCP hits via CrowdSec, for free for one Security Engine
Custom: ASRock 970 Extreme3 R2.0 / AMD FX-8320E / 32 GB DDR3 1866 / X520 & I350 / 500GB SATA
November 22, 2024, 08:03:21 AM #7 Last Edit: November 22, 2024, 08:44:42 AM by Patrick M. Hausen
@someone you do not need Suricata to stay safe. A default OPNsense installation will block everything coming in on WAN. You cannot be hacked if you do not create any allow rules on the WAN interface.

It does not matter what people throw at you all day. It's blocked, so who cares?

To repeat:

- start with a fresh installation of OPNsense
- connect a single PC or a switch to LAN
- configure WAN for your ISP
- set a strong root password

Done. You are perfectly safe. It's impossible to "hack" you over the Internet. You do not need any additional configuration.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
November 22, 2024, 04:59:41 PM #8 Last Edit: November 22, 2024, 06:11:13 PM by someone
Thank you
That would be nice
I was coming from iptables, opnsense is a little different
And I saw a two Utube videos to set up opnsense where they opened ports in the firewall
They said to get opnsense to work, well I closed them, thanks for that info
I found the box I have been looking for and overlooked for so long
Preoccupied with getting hacked
The DHCP IP range is under interfaces > wan. > alias ipv4 box
Testing that one, worked just a few minutes ago , will test some more
Descriptions and documentation needs work I think
Thanks for your help
That looks like correct box being under interfaces set to wan
when it mentions client I think in that case it refers to opnsense
being a client of the ISP dhcp server
Going to start testing it now, thanks
January 04, 2025, 07:28:34 AM #9
Nope the correct box for DHCP address is in Intrusion Detection>Administration>click advanced in upper left>
and enter the IP or IP range in the home networks box, and delete the ones you dont need
Or if yours is one of the two defaults, its already done, delete the one you dont need
I havnt tested it but may also enter your static address here too
It ties your IP to the suricata rulesets
Took me awhile to find it
February 24, 2025, 04:04:41 AM #10
Quote from: someone on November 21, 2024, 07:50:23 PM
Head Soccer
Quote from: someone on November 21, 2024, 07:50:23 PMIF in static mode , place your static IP under interfaces
If in DHCP, several things, or if you have a static IP also
Place your IP in Intrusion Detection > Administration > Settings > Home Networks box
Put your  IP or range in the box
Behind a router can be a specific IP or range
If not behind a router can put your IP in the box
If you have a DHCP range, can put the range in the box
testing this and the rules are working without modifications
thanks
IF in static mode , place your static IP under interfaces
If in DHCP, several things, or if you have a static IP also
Place your IP in Intrusion Detection > Administration > Settings > Home Networks box
Put your  IP or range in the box
Behind a router can be a specific IP or range
If not behind a router can put your IP in the box
If you have a DHCP range, can put the range in the box
testing this and the rules are working without modifications
thanks

If you are using DHCP, here are a few things to keep in mind:
If you have a static IP address, set your IP address under Intrusion Detection > Administration > Settings > Home Networks.
Enter your IP address or IP address range in the appropriate box.
If you are behind a router, you can use a specific IP address or IP address range.
If you are not behind a router, you can enter your IP address in the box.
If you have a DHCP range, you can enter that range in the box.
Print
Go Up Pages1
User actions