Feature Request - Better PC-Gaming Support

[W0nderW0lf]

I think Suricata is kidding me.

[W0nderW0lf]

Thats what I see instead of some Windows alerts

[W0nderW0lf]

So somehow a miracle has happened I cannot explain.
After this huge Attack on my Linux Client, I thought it would be the best to backup opnsense and reinstall from new. Just in case opnsense has been compromized.
Turns out, this was the best decision of the day. Because, before and after the Upgrade from 20.1.9 to 20.7.1, I experienced some little bugs in opnsense like configctl timeouts and similar.
After Reinstalling with Base Image 20.7, updating to 20.7.1 I saw that none of the previous experienced bugs reappeared. I restored the previous made backup, activated and reloaded all suricata rules. A short while later, I saw in suricata the first ICMP blocks. Seemed like suricata was working again and doing it's job.
Later that evening, I turned on my Windows and started playing after that long day. But I forgot to switch the LAN cable from my non opnsense router back, so I could connect to blizzard. I didn't realize that Windows was still connected to opnsense. I wondered what went wrong and almost shit my pants, because I thought that suricata has stopped working and I have been compromised again.
When I checked the logs, I finally saw that Suricata has managed to alert a connection to blizzard
I changed nothing in Suricata. This tells me, that it somehow was bugged at some point. Now I can easily connect to blizzard and Star Citizen again...

Take a look:

[FullyBorked]

Btw ...
I already have sensei on all non WAN interfaces running.

Of course I turned Sensei off, when I was testing. I think it might break things, if I change the Interface from WAN to LAN, where Sensei already is listening on, or?

You should only have Sensei on your LAN interfaces it's not meant to be on WAN.  Suricata can be ran on WAN, but Sensei and Suricata can't be on the same interfaces. 

I have Sensei enabled on my LAN, and Suricata on my WAN1, WAN2, and DMZ.  I have outbound nat set to Static (there is only a very small hit to security here).  I also have UPnP setup, but it's rarely used I almost never see anything in status except for a few games.  I'll argue security here isn't a huge issue as long as you keep an eye on it.  I wouldn't have it in my corp environments but at home it's convenient and fine with me.   battle.net works just fine for me, I don't play star citizen though so can't speak to that.

My advice would be to slow down a bit.  Disable everything extra, disable Sensei, disable Suricata.  Get your games working then slowly enable things until it stops working then you'll know where to focus your energy.   

[W0nderW0lf]

without meaning it badly, but did u even read?
I only mentioned this, because of the Ifirewall's advice. I wasn't 100% sure, but I know this myself.
I have it on all (non) WAN interfaces ... This means, I have it on all interfaces that are not directed to WAN...
Just LAN ...
Of course I know that you should only place it on non WAN interfaces, because sensei is advising this to you when you install it.
I also said, I uploaded my back up and it worked.
A back up places every setting as it was before. This also means, that I haven't done any config change in sensei or OPNsense itself. It was truly some kind of bug related to suricata.

My advice to you would be, read carefully before giving advices.

[FullyBorked]

without meaning it badly, but did u even read?
I only mentioned this, because of the Ifirewall's advice. I wasn't 100% sure, but I know this myself.
I have it on all (non) WAN interfaces ... This means, I have it on all interfaces that are not directed to WAN...
Just LAN ...
Of course I know that you should only place it on non WAN interfaces, because sensei is advising this to you when you install it.
I also said, I uploaded my back up and it worked.
A back up places every setting as it was before. This also means, that I haven't done any config change in sensei or OPNsense itself. It was truly some kind of bug related to suricata.

My advice to you would be, read carefully before giving advices.

Yup, I misread very sorry to have offended you. 

My advice to you would be less of an asshat when someone is just trying to help you for free, taking time out of their busy day and schedule to spread some knowledge and help out a fellow user. 

Carry on I wish you well.

[lfirewall1243]

So somehow a miracle has happened I cannot explain.
After this huge Attack on my Linux Client, I thought it would be the best to backup opnsense and reinstall from new. Just in case opnsense has been compromized.
Turns out, this was the best decision of the day. Because, before and after the Upgrade from 20.1.9 to 20.7.1, I experienced some little bugs in opnsense like configctl timeouts and similar.
After Reinstalling with Base Image 20.7, updating to 20.7.1 I saw that none of the previous experienced bugs reappeared. I restored the previous made backup, activated and reloaded all suricata rules. A short while later, I saw in suricata the first ICMP blocks. Seemed like suricata was working again and doing it's job.
Later that evening, I turned on my Windows and started playing after that long day. But I forgot to switch the LAN cable from my non opnsense router back, so I could connect to blizzard. I didn't realize that Windows was still connected to opnsense. I wondered what went wrong and almost shit my pants, because I thought that suricata has stopped working and I have been compromised again.
When I checked the logs, I finally saw that Suricata has managed to alert a connection to blizzard
I changed nothing in Suricata. This tells me, that it somehow was bugged at some point. Now I can easily connect to blizzard and Star Citizen again...

Take a look:

So is it working now ?

But just because you disable your network should be able to get compromised, if it is easy possible you have other problems than gaming.

More important would be, what is trying to compromise your Clients or are they already compromised?

[lfirewall1243]

And generally it's not the right way to just enable all suricate rules and set them to drop.

Enable them wisely, look what alerts are happening and set them to drop and test your network.

But not the way how you do it. Just causing a big chaos while looking for bugs

[Momo9858]

Are the suricate rules on Alert or Block?
รีวิวคาสิโนออนไลน์