Looking for testers Q-Feeds plugin

Started by Q-Feeds, October 01, 2025, 08:43:40 PM

You don't need to uninstall the old one.

I did the install just over the old one, it should seamlessly upgrade it.

To remove it you can run "pkg remove" instead of "pkg add".

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

Dang, I was hopeful but that still shows the same behavior even on stock theme
For logs I see this in the Web GUI log tab:
 (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.82/src/gw_backend.c.533) connect() /var/lib/php/tmp/php-fastcgi.socket-1: Connection refused

For backend I see:
[34c6aa36-3191-4630-92d7-cb4980e92036] Script action stderr returned "b'/bin/sh: /usr/local/opnsense/scripts/qfeeds/qfeedsctl.py: not found'"

and

[8f76feea-fd1b-40e5-9b0a-9c4a4e852bfd] Script action failed with Command '/usr/local/opnsense/scripts/qfeeds/qfeedsctl.py stats ' returned non-zero exit status 127. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/actions/script_output.py", line 89, in execute subprocess.run(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.11/subprocess.py", line 571, in run raise CalledProcessError(retcode, process.args, subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/qfeeds/qfeedsctl.py stats ' returned non-zero exit status 127.

One last question, on the Firmware > Plugins page I see
os-q-feeds-connector (misconfigured)

Is that anything to worry about?

That's normal, once it's put into the Core, e.g. proper repos, it will not show anymore.

Regards,
S.

Quote from: Seimus on October 11, 2025, 12:44:14 PM
Quote from: Q-Feeds on October 11, 2025, 09:48:36 AM
Yes the 50K is hardcoded because as you mentioned it takes some time and resources to parse the logs as for now.

Gives sense, but keep in mind even those 50K can for some users peg the CPU during load, cause not everybody is running official DEC HW or N100.
I would suggest here to create similar filtering as it's in the official logs. Basically we can filter from last day, week, month, all. This is as well very good for Tshoots, or if I want to check back in history.

............

Thank you for these great ideas! Some were already on the roadmap indeed; like the subcategories and whitelisting. I've added the filtering functionality to the backlog as well, that might indeed solve the CPU load challenge.

Your Threat Intelligence Partner  qfeeds.com

October 11, 2025, 02:17:42 PM #170 Last Edit: October 11, 2025, 02:45:44 PM by Q-Feeds
Quote from: Lurick on October 11, 2025, 01:32:33 PM
Dang, I was hopeful but that still shows the same behavior even on stock theme
For logs I see this in the Web GUI log tab:
 (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.82/src/gw_backend.c.533) connect() /var/lib/php/tmp/php-fastcgi.socket-1: Connection refused

.........

Hmm interesting. Perhaps a reinstall of the plugin does the trick, like Seimus suggested?
Otherwise could you provide us with the output of the following commands:

/usr/local/opnsense/scripts/qfeedsctl.py fetch_index -v
/usr/local/opnsense/scripts/qfeedsctl.py fetch -v
/usr/local/opnsense/scripts/qfeedsctl.py firewall_load -v

Your Threat Intelligence Partner  qfeeds.com

Quote from: Taunt9930 on October 11, 2025, 12:53:41 PM
Finally got around to installing this, and bought a plus license. Nothing much to add beyond the feedback already given - very impressed!

Agree with Seimus comments on VPN endpoints above

I don't think I've seen a comment for these:

-The manual/setup instructions don't explicitly tell you to enable logging for the rules you set up - that might not be obvious for less experienced users.

-Also when talking about Source/Destination and Block/Reject it says "For your LAN (source) rule you could use Reject" - per the rule examples is that not Rule 1 / Destination (rather than source)? 

How long before we might be able to utilise Domains and URLs feeds in OPNSense?

First of all thank you very much for your trust and support!

Your documentation feedback is spot on and we will update it soon.

You can already use DNS if you're running AdGuard or Pi-hole. As mentioned, we're also adding this feature to the plugin. It requires some core changes, which is why it's taking a bit longer. We plan to release it later this year, though we can't give an exact timeline yet.

Your Threat Intelligence Partner  qfeeds.com

Quote from: Q-Feeds on October 11, 2025, 02:17:42 PM
Quote from: Lurick on October 11, 2025, 01:32:33 PM
Dang, I was hopeful but that still shows the same behavior even on stock theme
For logs I see this in the Web GUI log tab:
 (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.82/src/gw_backend.c.533) connect() /var/lib/php/tmp/php-fastcgi.socket-1: Connection refused

.........

Hmm interesting. Perhaps a reinstall of the plugin does the trick, like Seimus suggested?
Otherwise could you provide us with the output of the following commands:

/usr/local/opnsense/scripts/qfeedsctl.py fetch_index -v
/usr/local/opnsense/scripts/qfeedsctl.py fetch -v
/usr/local/opnsense/scripts/qfeedsctl.py firewall_load -v




Sure, reinstall didn't fix it sadly

Quote
root@firewall:/usr/local/opnsense/scripts/qfeeds # ./qfeedsctl.py fetch_index -v
send: b'GET /licenses.php HTTP/1.1\r\nHost: api.qfeeds.com\r\nUser-Agent: Q-Feeds_OPNsense\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nConnection: keep-alive\r\nAuthorization: Basic {redacted}\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Date: Sat, 11 Oct 2025 13:04:45 GMT
header: Server: Apache/2
header: X-Content-Type-Options: nosniff
header: Strict-Transport-Security: max-age=63072000; includeSubDomains
header: Upgrade: h2,h2c
header: Connection: Upgrade, Keep-Alive
header: Vary: Accept-Encoding,User-Agent
header: Content-Encoding: gzip
header: X-XSS-Protection: 1
header: X-Frame-Options: SAMEORIGIN
header: X-Content-Type-Options: nosniff
header: Referrer-Policy: no-referrer-when-downgrade
header: Feature-Policy: geolocation 'self'; vibrate 'none'
header: X-Download-Options: noopen
header: X-Permitted-Cross-Domain-Policies: master-only
header: X-DNS-Prefetch-Control: on
header: Strict-Transport-Security: max-age=31536000
header: Permissions-Policy: geolocation=*, midi=(), sync-xhr=(self "https://qfeeds.com" "https://www.qfeeds.com"), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=(), fullscreen=(self "https://qfeeds.com" "https://www.qfeeds.com")
header: Content-Length: 733
header: Keep-Alive: timeout=2, max=100
header: Content-Type: application/json
downloaded index to /var/db/qfeeds-tables/index.json
root@firewall:/usr/local/opnsense/scripts/qfeeds # ./qfeedsctl.py fetch -v
skipped /var/db/qfeeds-tables/malware_ip.txt [2025-10-11T13:00:00Z]
skipped /var/db/qfeeds-tables/malware_domains.txt [2025-10-11T13:00:00Z]
skipped /var/db/qfeeds-tables/phishing_urls.txt [2025-10-11T13:00:00Z]
root@firewall:/usr/local/opnsense/scripts/qfeeds # ./qfeedsctl.py firewall_load -v
load feed malware_ip [no changes.]
root@firewall:/usr/local/opnsense/scripts/qfeeds #




I did have to use:
/usr/local/opnsense/scripts/qfeeds/qfeedsctl.py
instead of
/usr/local/opnsense/scripts/qfeedsctl.py
to run the three commands


Lurick, you have company, I have the same problem.

Have done: pkg remove/pkg add

The problem remains.

October 11, 2025, 03:41:36 PM #174 Last Edit: October 11, 2025, 03:48:55 PM by Q-Feeds
Quote
I did have to use:
/usr/local/opnsense/scripts/qfeeds/qfeedsctl.py
instead of
/usr/local/opnsense/scripts/qfeedsctl.py
to run the three commands

Aah yes that was my mistake. The commands show the expected behavior. You've tried a reboot already I guess?

Or this "service configd restart"

Your Threat Intelligence Partner  qfeeds.com

Quote from: Q-Feeds on October 11, 2025, 03:41:36 PM
Quote
I did have to use:
/usr/local/opnsense/scripts/qfeeds/qfeedsctl.py
instead of
/usr/local/opnsense/scripts/qfeedsctl.py
to run the three commands

Aah yes that was my mistake. The commands show the expected behavior. You've tried a reboot already I guess?

Or this "service configd restart"

service configd restart didn't fix it but a firewall reboot did :)


Reboot worked here too, all three tabs show and are working properly.

Thanks

Glad it worked out in the end!

Your Threat Intelligence Partner  qfeeds.com

Having worked through my process mentioned earlier, I have Q-Feeds working on my edge Opnsense on 25.7.5, and blocking stuff, apparently usefully. Now to questions around purchasing.

I notice on the Q-Feeds dashboard that I have access to Premium IPs, Domains, and URLs. The first of those, IPs, is available in the Plus (99€) package but URLs and Domains require the full Premium package, 249€. That is, after a Plus purchase and expiry of the testing phase, blocking will be worse than it is now. Is it possible to distinguish what proportion of current blocks are based on which list (/ tier)?

The tier for Plus includes support and allows 1-49 users, more people than the average family. Have you considered a tier without support for 1-5 users, a common home setup and licensing tier?
Deciso DEC697