Looking for testers Q-Feeds plugin

Started by Q-Feeds, October 01, 2025, 08:43:40 PM

Quote from: newsense on October 09, 2025, 07:51:01 AM
It's been a while and I didn't receive any PM on how to set up qfeeds. Is the beta testing over or having enough accounts already?

Apologies, it seems I overlooked your earlier message. The beta testing is still ongoing, and we'd be happy to get you set up with Q-Feeds.

I'll send you a PM with the setup details so you can get started right away.

Stefan

Your Threat Intelligence Partner  qfeeds.com

The homepage has in big bold large font platform spelled incorrectly

As a business user of OPNsense, is this actually going to replace GeoIP? My understanding is OPNsense provides the IP addresses currently to be blocked by country.

A query, and a minor cosmetic issue.

The e-mail on setup advises to "Rotate API keys regularly". This is not in the manual. Please describe the need and frequency further.

The latest manual refers to QFeeds_ip_malware whereas when setting up the rule the alias discovered is __qfeeds_malware_ip
Deciso DEC697

Hi,

I'm also interested in testing out Q-Feeds.

Xavier.

October 09, 2025, 12:58:44 PM #124 Last Edit: October 09, 2025, 01:04:29 PM by Q-Feeds
Quote from: DEC670airp414user on October 09, 2025, 12:05:56 PM
The homepage has in big bold large font platform spelled incorrectly

As a business user of OPNsense, is this actually going to replace GeoIP? My understanding is OPNsense provides the IP addresses currently to be blocked by country.

That was quite a stupid typo :) Thanks for pointing it out!

No, it's not replacing GeoIP. GeoIP blocks IPs based purely on geographic location, basically saying "block everything from this country." But from a security perspective, that approach isn't really sufficient and sometimes even disrupts valid services. It's also quite easy for cybercriminals to just host malicious stuff within 'trusted countries'.

For example, we have to trust certain countries because many legitimate services are hosted there (think of CDNs, cloud providers, etc.), yet within those same countries, you'll still find malicious infrastructure. And the opposite is true as well: not everything coming from a country that's often blocked is necessarily bad.

That's exactly what we're focussing on: instead of blindly blocking by country, we focus on verified malicious activity. So you only block what's actually harmful or at least unwanted.

That said, you can still block using GeoIP if your situation allows it. It's a different approach though.

Your Threat Intelligence Partner  qfeeds.com

Quote from: passeri on October 09, 2025, 12:16:33 PM
A query, and a minor cosmetic issue.

The e-mail on setup advises to "Rotate API keys regularly". This is not in the manual. Please describe the need and frequency further.

The latest manual refers to QFeeds_ip_malware whereas when setting up the rule the alias discovered is __qfeeds_malware_ip

Thanks for your feedback! Fixed the email template by removing that sentence. And we'll update the manual shortly!

Your Threat Intelligence Partner  qfeeds.com

Quote from: IxPo on October 09, 2025, 12:18:27 PM
Hi,

I'm also interested in testing out Q-Feeds.

Xavier.

Thanks in advance, we will send you a PM shortly!

Your Threat Intelligence Partner  qfeeds.com


Quote from: BoodahsFever on October 09, 2025, 01:30:17 PM
Hi,

Also interested in trying this out.

Misja

It's in your inbox!

Your Threat Intelligence Partner  qfeeds.com

I have two OPNsense firewalls and would like to try this out if possible.

Thanks

Rob

Quote from: robddavies on October 09, 2025, 05:13:59 PM
I have two OPNsense firewalls and would like to try this out if possible.

Thanks

Rob

We are looking forward to hearing your feedback!

Your Threat Intelligence Partner  qfeeds.com

Hello, if possible, I would like to try this out as well. Cheers!

Quote from: wbennett on October 09, 2025, 06:11:09 PM
Hello, if possible, I would like to try this out as well. Cheers!

In your PM! Thanks.

Your Threat Intelligence Partner  qfeeds.com

Wow, great discussion until now. I'd like to test it as well.

Reading the entire 9 pages, I already have a few comments/questions ;-) :

- alerts/notifications were mentioned via email/snmp

Webhooks would be great as well. e.g. this makes it possible to use a bunch of external systems like gotify.
Since this is a partnership, maybe an OPNsense core service for notifications can be created (email, snmp, webhooks, ...) and the QFeeds plugin just uses what is set up there. I am sure there are other plugins and even OPNsense internal areas where notifications could be beneficial.

- clarification of device/user licensing (opnsense, pihole)

pihole was mentioned to block domains. But it was also mentioned that you need a different API key. Does this mean that I do need 2 subscriptions (if I were to buy the plus plan) to use the opnsense plugin and my pihole (on a different box in my home network)? On the free plan, do I still need 2 API keys for opnsense and pihole?

- feedback on feedback

The things that came up in the feedback so far which are most important/interesting to me are:

- auto deploy rules
- reporting/stats (e.g. keep track of the top X (10-100) blocks, timestamp, source, reason, ... in a db or even just a text file. I don't want to manually search multiple logs)


October 09, 2025, 08:54:16 PM #134 Last Edit: October 09, 2025, 09:08:36 PM by Q-Feeds
Quote from: tessus on October 09, 2025, 07:54:51 PM
Wow, great discussion until now. I'd like to test it as well.

Reading the entire 9 pages, I already have a few comments/questions ;-) :

- alerts/notifications were mentioned via email/snmp

Webhooks would be great as well. e.g. this makes it possible to use a bunch of external systems like gotify.

........


Hi Tessus,

Great to have you in the test group as well, I'll send you the details right after I've posted this message.

- Alerting / Notifications

I'll bring it up with the team. Although as you mentioned as well, I think this should be broader than just the Q-Feeds plugin.

- License clarification
For the community edition, users do need two API keys indeed. For paid subscriptions we will help you out so it's just one subscription ;-)
Due to the feedback we've received we're looking into options to revisit the current behavior with the rate limit and the way subscriptions are 'enforced'.

- Feedback on the feedback on feedback :D
We actually had quite a long brainstorm today about the auto-deploy rules feature. For now, we've decided to put it on hold, mainly because there's really no "one rule fits all" approach. We're also cautious that users might assume, "If it's auto-created, it must be correct."
What's your take on this? How would you imagine a perfect auto-deploy function that works for everyone (or at least most users)?

- Reporting stats
On this part we've actually made some great progress today, so for the release version we're planning for an extra tab called 'Events' which will show the logs/events related to the Q-Feeds intelligence.

Your Threat Intelligence Partner  qfeeds.com