I'm at my wits' end

Started by opnsenseuser8473, June 26, 2025, 10:56:01 PM

July 06, 2025, 08:54:14 PM #15 Last Edit: July 06, 2025, 09:04:40 PM by opnsenseuser8473
Quote from: Patrick M. Hausen on July 06, 2025, 05:39:24 PM
Show your firewall rules and if applicable also NAT port forwarding on WAN or nobody will be able to help you.

I apologise; as specified above, this is my first time working with OPNsense, but to be more specific, with its forums, or forums in general, so I don't know the full scope of their functions. I'm on my email often but no notifications are being sent, so I apologise for the delay. I politely ask for a bit more patience. I don't know the specific terms of the forum or the functions of the site.

My experience is with commercial home-use grade hardware and software that uses the terms outbound and inbound.

I do know the rule order and what "in" and "out" mean, even if I reference outbound or inbound. When the above individual said "set up" with no specifics after referencing hardware, that's what I assumed.

My WAN interface just has a generic block inbound traffic rule directed toward WAN.

A block IP list rule applied individually for source and destination, for "in" and "out", so 4 rules.


If you want my other interface system configuration settings and rules, they are pretty generic.

In front, a general inbound block-all rule.
No general allow outbound.

A redundant specific block rule for IPs that abuse any open ports.

Just general outbound access to specific ports, the typical internet ports: 80, 443 and 53 for DNS. Sometimes my DNS needs an "out" to function.

A generic block-all at the end, even if redundant.

The setup is in the right order and the relative "in" and "out" rules are placed. Nothing complicated such as shaping; they are all generic.

The unusual outbound ports that get opened are video game (PS5) specific ports, whose interface is typically closed unless used.

Port forwarding rules are only in use when I have multiple devices running, and that's only directed to the PS5 interface, and they are to specific game ports if needed.

As for defense protection: updated CrowdSec and Suricata, updated base IPS rules. As I was told, they work together. Hyperscan applied to all ports, syncookies enabled.

NAT ports set to hybrid, nothing specific, as I was trying to get VPN working but nothing came of it.

This next statement might come off paranoid to those that haven't first hand seen the situation.

But for context of history, I'm actually dealing with a situation where a fellow college student at the time lied, said I "hacked" the individual and said other false things. In my old system I was constantly DDoSed, with TCP no-flag and null attacks; I had my DNS leaked information and unencrypted traffic made public to everyone involved. The amount of crap I had to clean in that old system was bad. So I switched to OPNsense because it was said to be superior, granted some buggy states and plugin exploits that get patched along the way.

So in short, these kids went on a revenge plot. What was stated by them is that they think it's a "game". I'm just trying to figure out what the heck is going on or what they are exploiting. Whether it be this system or an already compromised device, I don't know.

From my understanding, with configuration setup issues, system freezes shouldn't magically go away for a longer time each time after I clean install the system and additionally block the list of IPs. That would suggest the issue is related to the IPs in general, unless they are trying to "sledgehammer" to force open ports like with my old system, which they abused a lot, which caused my old cheap system to stop functioning often. No, I didn't specifically open any ports.

I'm new with this system, not new in general. Each interface follows a similar format, with the exception of WAN and the console, for which specific outbound game ports are needed.

This is the list of everything adjusted by me. If more adjustments or information are needed, please let me know, but my firewall has generic rules.

Show. The. Rules. Literally. Screenshots.

Please.

You don't need any rule on WAN for example. OPNsense blocks by default.

So this:

Quote: My WAN interface just has a generic block inbound traffic rule directed toward WAN.

Might be not quite what you intend it to do but instead opens up things.

A "virgin" OPNsense with only WAN IP settings configured and a PC or a switch connected to LAN is secure by default.

I would recommend starting with this setup and then working from there, step by step.

Kind regards,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on July 06, 2025, 09:08:03 PM
Show. The. Rules. Literally. Screenshots.

Please.

You don't need any rule on WAN for example. OPNsense blocks by default.

So this:

Quote: My WAN interface just has a generic block inbound traffic rule directed toward WAN.

Might be not quite what you intend it to do but instead opens up things.

A "virgin" OPNsense with only WAN IP settings configured and a PC or a switch connected to LAN is secure by default.

I would recommend starting with this setup and then working from there, step by step.

Kind regards,
Patrick
Thank you for your time. I will post it shortly, as I'm only able to access online with my phone at the moment due to "complications".

Quote from: opnsenseuser8473 on July 06, 2025, 09:45:49 PM
Quote from: Patrick M. Hausen on July 06, 2025, 09:08:03 PM
Show. The. Rules. Literally. Screenshots.

Please.

You don't need any rule on WAN for example. OPNsense blocks by default.

So this:

Quote: My WAN interface just has a generic block inbound traffic rule directed toward WAN.

Might be not quite what you intend it to do but instead opens up things.

A "virgin" OPNsense with only WAN IP settings configured and a PC or a switch connected to LAN is secure by default.

I would recommend starting with this setup and then working from there, step by step.

Kind regards,
Patrick
Thank you for your time. I will post it shortly, as I'm only able to access online with my phone at the moment due to "complications".
Quote from: Patrick M. Hausen on July 06, 2025, 09:08:03 PM
Show. The. Rules. Literally. Screenshots.

Please.

You don't need any rule on WAN for example. OPNsense blocks by default.

So this:

Quote: My WAN interface just has a generic block inbound traffic rule directed toward WAN.

Might be not quite what you intend it to do but instead opens up things.

A "virgin" OPNsense with only WAN IP settings configured and a PC or a switch connected to LAN is secure by default.

I would recommend starting with this setup and then working from there, step by step.

Kind regards,
Patrick
So you're saying that putting block rules opens the firewall? That's weird. I put a redundant block-all in a few minutes.

July 06, 2025, 10:23:01 PM #19 Last Edit: July 06, 2025, 10:25:44 PM by opnsenseuser8473
Quote from: opnsenseuser8473 on July 06, 2025, 09:45:49 PM
Quote from: Patrick M. Hausen on July 06, 2025, 09:08:03 PM
Show. The. Rules. Literally. Screenshots.

Please.

You don't need any rule on WAN for example. OPNsense blocks by default.

So this:

Quote: My WAN interface just has a generic block inbound traffic rule directed toward WAN.

Might be not quite what you intend it to do but instead opens up things.

A "virgin" OPNsense with only WAN IP settings configured and a PC or a switch connected to LAN is secure by default.

I would recommend starting with this setup and then working from there, step by step.

Kind regards,
Patrick
Thank you for your time. I will post it shortly, as I'm only able to access online with my phone at the moment due to "complications".

I apologise, as the system that is connecting to OPNsense is a glorified monitor, so it's set up with no internet access because it's old. So this is the best I can do. The port impostor is 443 and 80, because some bots try to port in using UDP ports 443 and 80... but they are TCP ports.

Please attach the images here in the forum. I'm not clicking on links to a site I never heard of, sorry.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

I tried, I honestly am trying. My attachment says too big. I'll report in after an hour, after I figure out how to use this forum. I'm new to writing in forums.

Quote from: Patrick M. Hausen on July 06, 2025, 11:20:24 PM
Please attach the images here in the forum. I'm not clicking on links to a site I never heard of, sorry.
Here is what I'm working with, nothing complex.

July 07, 2025, 03:27:20 AM #25 Last Edit: July 07, 2025, 03:30:38 AM by opnsenseuser8473
Quote from: Patrick M. Hausen on July 06, 2025, 11:20:24 PM
Please attach the images here in the forum. I'm not clicking on links to a site I never heard of, sorry.

I have my own modem, no router built in, and when port forwarding is in use it's connected to a properly isolated dual-trunk setup, because the switch is weird when it comes to using the same trunk port for separate VLAN interfaces in that switch. My only concern is how adding a block rule opens up ports; typically, from my understanding, it's allow rules that do that.


I'd argue that all your WAN block rules on the top of your list don't actually achieve anything. You have "!BadWanIP" as the source in your allow rules, so these are blocked, already. I assume there are corresponding inbound NAT rules?

Everything that is not explicitly allowed is blocked by default.

Can you disable IDS/IPS completely and reboot and check if the problem persists?

Kind regards,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Adding to this: There are also many "out" rules, which are mostly redundant, because usually you check packets when they enter an interface ("in" direction). Since OPNsense is a stateful firewall, the responses to allowed packets are allowed as well, so you do not need two rules for the same traffic.

You should probably study this section of the docs very closely, where it says:

Quote: Traffic can be matched on in[coming] or out[going] direction, our default is to filter on incoming direction. In which case you would set the policy on the interface where the traffic originates from.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
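The two points made above (replies to an allowed flow pass on state, so "out" rules for the same traffic are redundant; an allow rule whose source is the negated BadWanIP alias already drops those hosts, so the leading WAN block rules add nothing; and everything unmatched is dropped) in a toy model of first-match, stateful rule evaluation. This is an added example for this thread, not OPNsense or pf code; the rule set, addresses, port numbers and the contents of the BadWanIP alias are constructed, and NAT is left out.

```python
from collections import namedtuple

# Toy model of OPNsense/pf rule evaluation: first match wins, pass rules create
# state, and anything unmatched is dropped. Added example, not OPNsense code.
BAD_WAN_IP = {"203.0.113.7"}   # constructed stand-in for the thread's "BadWanIP" alias

# iface: where the packet is seen; direction: "in" entering it, "out" leaving it
Packet = namedtuple("Packet", "iface direction src sport dst dport")
# src is "any", a literal IP, or "!BadWanIP"; dport None means any port
Rule = namedtuple("Rule", "action iface direction src dport")

def matches(r, p):
    if (r.iface, r.direction) != (p.iface, p.direction):
        return False
    if r.dport is not None and r.dport != p.dport:
        return False
    if r.src == "!BadWanIP":
        return p.src not in BAD_WAN_IP
    return r.src in ("any", p.src)

class Firewall:
    def __init__(self, rules):
        self.rules, self.states = rules, set()

    def filter(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if fwd in self.states or rev in self.states:
            return "pass (state)"      # replies never consult the rule list
        for r in self.rules:           # first matching rule decides ("quick")
            if matches(r, p):
                if r.action == "pass":
                    self.states.add(fwd)
                return r.action
        return "block (default)"       # implicit default deny on every interface

def demo():
    fw = Firewall([
        Rule("pass", "lan", "in", "any", 443),         # LAN hosts may open HTTPS
        Rule("pass", "wan", "in", "!BadWanIP", 3074),  # forwarded game port, bad IPs excluded
    ])
    return {
        "lan_to_https": fw.filter(Packet("lan", "in", "192.168.1.20", 51000, "198.51.100.9", 443)),
        "reply_on_wan": fw.filter(Packet("wan", "in", "198.51.100.9", 443, "192.168.1.20", 51000)),
        "unsolicited": fw.filter(Packet("wan", "in", "198.51.100.9", 40000, "192.168.1.20", 22)),
        "bad_ip_3074": fw.filter(Packet("wan", "in", "203.0.113.7", 40000, "192.168.1.30", 3074)),
    }
```

The reply on WAN passes purely on the state created by the LAN "in" rule, and the BadWanIP host is dropped by default because the only WAN allow rule excludes it, with no block rule in the list at all.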