Looking for testers Q-Feeds plugin

Started by Q-Feeds, October 01, 2025, 08:43:40 PM

Previous topic - Next topic
Print
Go Down Pages 1 ... 17 18 19 20 21
User actions
October 18, 2025, 02:22:48 PM #270
We're trying to be as inclusive as possible, even those on the legendary UTC+8:45 timezone 😄 I pulled all the timezones directly from PHP, so apparently they're not paying much attention to Canberra either! ;)

David

Your Threat Intelligence Partner  qfeeds.com
October 18, 2025, 03:31:35 PM #271
Please see below requested information.

Quote from: Q-Feeds on October 18, 2025, 10:28:20 AMCheck if Q-Feeds tables exist and contain entries:

   pfctl -t __qfeeds_malware_ip -T show | head -10

   1.0.0.4
   1.0.0.181
   1.0.0.187
   1.0.75.78
   1.0.138.92
   1.0.151.224
   1.0.152.138
   1.0.153.83
   1.0.153.159
   1.0.158.78

   pfctl -t __qfeeds_malware_ip -T show | wc -l

 491863

Check firewall rules for Q-Feeds table references:
  pfctl -sr | grep "<__qfeeds" | tail -5

block drop out log quick on em0_vlan108 inet6 from any to <__qfeeds_malware_ip> label "dc5f8e7ee80be02f12014877d82c96a2" tag qtag
block drop out log quick on em0_vlan109 inet from any to <__qfeeds_malware_ip> label "dc5f8e7ee80be02f12014877d82c96a2" tag qtag
block drop out log quick on em0_vlan109 inet6 from any to <__qfeeds_malware_ip> label "dc5f8e7ee80be02f12014877d82c96a2" tag qtag
block drop in quick on em1 reply-to (em1 x.x.x.22) inet from <__qfeeds_malware_ip> to any label "de057b37c3fe418169db727c1d8a3f79"
block drop in quick on em1 reply-to (em1 fe80::1e52) inet6 from <__qfeeds_malware_ip> to any label "de057b37c3fe418169db727c1d8a3f79"

October 18, 2025, 05:12:32 PM #272 Last Edit: October 19, 2025, 01:52:52 PM by Q-Feeds
Quote from: zz00mm on October 18, 2025, 03:31:35 PMPlease see below requested information.

   pfctl -t __qfeeds_malware_ip -T show | head -10

......


Aah I see the issue the "tag qtag" is causing issues. I've forwarded it to our developers. Thank you very much we will get back with a solution soon.

EDIT: confirmed fix in the latest commit. Will be part of official release.


Your Threat Intelligence Partner  qfeeds.com
October 20, 2025, 02:32:16 AM #273
Quote from: Q-Feeds on October 18, 2025, 05:12:32 PM
Quote from: zz00mm on October 18, 2025, 03:31:35 PMPlease see below requested information.

   pfctl -t __qfeeds_malware_ip -T show | head -10

......


Aah I see the issue the "tag qtag" is causing issues. I've forwarded it to our developers. Thank you very much we will get back with a solution soon.

EDIT: confirmed fix in the latest commit. Will be part of official release.



Update:
     Removing the tag didn't resolve the issue.
What I found:
     Since this is an HA configuration, I did the following.
     Removed inbound floating rule, created rule on WAN and inbound blocks started appearing
     Outbound floating rule, added WAN to the existing rule with the vLANs and outbound blocks started appearing

     I believe this is due to the way HA configurations work.
     I will install Q-Feeds on a standalone (non HA) firewall this week and see if it works with floating rules and without WAN in the outbound rule.

Zz00mm
October 22, 2025, 02:46:33 PM #274
UPDATE

The plugin has now been released with OPNSense version 25.7.6 and 25.10 .

Your Threat Intelligence Partner  qfeeds.com
October 22, 2025, 02:49:16 PM #275
Tiny note: 25.10 has the initial 1.0, but will get a hotfix tomorrow for 1.2 to sync up the code.


Cheers,
Franco
October 22, 2025, 06:06:09 PM #276
Maybe as well additional info for those who don't read patch notes ;)

Q-Feeds is as well officially documented in OPNsense docs.

https://docs.opnsense.org/manual/qfeeds.html

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
October 22, 2025, 08:05:00 PM #277
Out of curiosity and wanted to install the plugin also; I went to the qfeeds.com website.
Then when trying to create an account on: https://tip.qfeeds.com/views/auth/register.php
I clicked on [Terms of Service] and [Privacy Policy].
Both links give this error: https://tip.qfeeds.com/terms.php
Code Select
You are offline

This page cannot be displayed because you are not connected to the internet.

Please check your connection and try again.

maybe we just don't need to read them and just singup :-), but good to know those are not working.
Deciso DEC850v2
October 22, 2025, 08:12:04 PM #278 Last Edit: October 22, 2025, 08:22:07 PM by Q-Feeds
Quote from: RamSense on October 22, 2025, 08:05:00 PMOut of curiosity and wanted to install the plugin also; I went to the qfeeds.com website.
Then when trying to create an account on: https://tip.qfeeds.com/views/auth/register.php
I clicked on [Terms of Service] and [Privacy Policy].
Both links give this error: https://tip.qfeeds.com/terms.php
Code Select
You are offline

This page cannot be displayed because you are not connected to the internet.

Please check your connection and try again.

maybe we just don't need to read them and just singup :-), but good to know those are not working.

haha we do support your recommendation to just signup :-D
That said obviously that's a mistake and will update the links asap. Seems nobody tried to read them during the testing period :)

EDIT: Fixed it. Thanks for letting us know!

Your Threat Intelligence Partner  qfeeds.com
October 22, 2025, 08:12:55 PM #279
Quote from: Seimus on October 22, 2025, 06:06:09 PMMaybe as well additional info for those who don't read patch notes ;)

Q-Feeds is as well officially documented in OPNsense docs.

https://docs.opnsense.org/manual/qfeeds.html

Regards,
S.


Thanks for sharing!

Your Threat Intelligence Partner  qfeeds.com
October 22, 2025, 08:24:11 PM #280
Quote from: Seimus on October 22, 2025, 06:06:09 PMMaybe as well additional info for those who don't read patch notes ;)

Q-Feeds is as well officially documented in OPNsense docs.

https://docs.opnsense.org/manual/qfeeds.html

Regards,
S.


I am guessing there is a critical error on the firewall rules setup instructions?
October 22, 2025, 08:31:33 PM #281
Quote from: chrisgtl on October 22, 2025, 08:24:11 PM
Quote from: Seimus on October 22, 2025, 06:06:09 PMMaybe as well additional info for those who don't read patch notes ;)

Q-Feeds is as well officially documented in OPNsense docs.

https://docs.opnsense.org/manual/qfeeds.html



I am guessing there is a critical error on the firewall rules setup instructions?

Oh no! you're right.. the WAN rule should state the WAN interface instead of LAN. We'll get this sorted. For now the correct manual can be found at the bottom of our landing page: https://qfeeds.com/opnsense/

Your Threat Intelligence Partner  qfeeds.com
October 22, 2025, 09:23:41 PM #282
Unfortunately I still get the warning:

QuoteQFeeds requires additional memory to be reserved for aliases. Please increase `Firewall Maximum Table Entries` in `Firewall: Settings: Advanced` to at least 2 million items.

I am using a blank setting (default) which amounts to 10,000,000 on my system. When I set it manually the warning disappears. As soon as I remove it so that the default is used, the warning shows up again.

@Q-Feeds Can you please point me to the part of the source code that does this check? IMO this check only looks for a value in that field. But if a value is not set, the test does not check what the default and thus the effective value actually is.
October 22, 2025, 09:30:13 PM #283
> I am using a blank setting (default) which amounts to 10,000,000 on my system.

This is the new maximum default since 25.7.5. It's calculating now based on available RAM.


Cheers,
Franco
October 22, 2025, 09:52:43 PM #284 Last Edit: October 22, 2025, 10:04:12 PM by Q-Feeds
Quote from: tessus on October 22, 2025, 09:23:41 PMUnfortunately I still get the warning:

QuoteQFeeds requires additional memory to be reserved for aliases. Please increase `Firewall Maximum Table Entries` in `Firewall: Settings: Advanced` to at least 2 million items.

I am using a blank setting (default) which amounts to 10,000,000 on my system. When I set it manually the warning disappears. As soon as I remove it so that the default is used, the warning shows up again.

@Q-Feeds Can you please point me to the part of the source code that does this check? IMO this check only looks for a value in that field. But if a value is not set, the test does not check what the default and thus the effective value actually is.

Aah that's some leftover code from the beta  version. We've removed it from the code now all together. To clean it you can run these commands:

Code Select
rm /usr/local/opnsense/mvc/app/library/OPNsense/System/Status/QfeedsStatus.php
configctl webgui restart

Your Threat Intelligence Partner  qfeeds.com
Print
Go Up Pages 1 ... 17 18 19 20 21
User actions