Looking for testers Q-Feeds plugin

[tessus]

This is the new maximum default since 25.7.5. It's calculating now based on available RAM.

Yep. My point was rather that the test was quirky:

Code Select Expand

$cnf = Config::getInstance()->object();
        if (!empty($cnf->system->maximumtableentries) && $cnf->system->maximumtableentries >= 2000000) {
There are 2 things I want to give feedback on and please forgive my ignorance since I don't know the internals.

So this cnf object holds all the settings. Of course cnf->system->maximumtableentries is empty, since nothing is set. How do I get the effective value. e.g. the UI shows that my system uses 10000000 so that info must be available.

For a proper test the above code shouldn't test for !empty &&, but check_effective_value(maximumtableentries) > 2000000 ||

Aah that's some leftover code from the beta  version. We've removed it from the code now all together. To clean it you can run these commands:

Thanks, that did it. I did not even have to restart the webgui.

I am not sure I follow though. Leftover? So the file was not in the code, but still in the package? Or did you remove it from the code, after 1.2 was released?

[Q-Feeds]

This is the new maximum default since 25.7.5. It's calculating now based on available RAM.

Yep. My point was rather that the test was quirky:

Code Select Expand

$cnf = Config::getInstance()->object();
        if (!empty($cnf->system->maximumtableentries) && $cnf->system->maximumtableentries >= 2000000) {
There are 2 things I want to give feedback on and please forgive my ignorance since I don't know the internals.

So this cnf object holds all the settings. Of course cnf->system->maximumtableentries is empty, since nothing is set. How do I get the effective value. e.g. the UI shows that my system uses 10000000 so that info must be available.

For a proper test the above code shouldn't test for !empty &&, but check_effective_value(maximumtableentries) > 2000000 ||

Aah that's some leftover code from the beta  version. We've removed it from the code now all together. To clean it you can run these commands:

Thanks, that did it. I did not even have to restart the webgui.

I am not sure I follow though. Leftover? So the file was not in the code, but still in the package? Or did you remove it from the code, after 1.2 was released?

That was indeed a possibility yet since during the development the standard changed so this became obsolete.

Glad that did it! And thanks for pointing it out!

No we removed it from the code with the 1.2 release. So only the users who had the previous packages installed, have this file on their machines, sorry for not cleaning it up correctly.

[passeri]

On the Opnsense dashboard, is the "Blocked" figure a rolling number over a period or will it increase infinitely?

If over a period, is that a setting somewhere?

[Q-Feeds]

On the Opnsense dashboard, is the "Blocked" figure a rolling number over a period or will it increase infinitely?

If over a period, is that a setting somewhere?

It's not per 24h. The widget's "blocked" is the number of unique feed addresses that have seen at least one blocked packet in the packet filter since the tables were last loaded/replaced (e.g., after a feed update, reconfigure, or reboot). It resets whenever the Q-Feeds tables are reloaded.

[RutgerDiehard]

Installed, registered and now have blocked information in the widget. Nice and slick :-)

One question though. I've ticked the box to register domain feeds after confirming Unbound has blocklists enabled. Am I supposed to see a q-feeds specific blocklist appear in the "Type of DNSBL" drop-down?

If so, there's nothing there for q-feeds, just the default. I've tried disable/enable blocklist, Unbound restart, and uncheck/check of "register domain feeds".

[Q-Feeds]

Installed, registered and now have blocked information in the widget. Nice and slick :-)

One question though. I've ticked the box to register domain feeds after confirming Unbound has blocklists enabled. Am I supposed to see a q-feeds specific blocklist appear in the "Type of DNSBL" drop-down?

If so, there's nothing there for q-feeds, just the default. I've tried disable/enable blocklist, Unbound restart, and uncheck/check of "register domain feeds".

Hi RutgerDiehard,

No you're not supposed to see our list in that dropdown. If both are activated (in our plugin and blocklists in general in unbound) then the list is active. You can verify by checking the number of IOCs in the Unbound report. It might be something we will improve later on though ;)

[RutgerDiehard]

Installed, registered and now have blocked information in the widget. Nice and slick :-)

One question though. I've ticked the box to register domain feeds after confirming Unbound has blocklists enabled. Am I supposed to see a q-feeds specific blocklist appear in the "Type of DNSBL" drop-down?

If so, there's nothing there for q-feeds, just the default. I've tried disable/enable blocklist, Unbound restart, and uncheck/check of "register domain feeds".

Hi RutgerDiehard,

No you're not supposed to see our list in that dropdown. If both are activated (in our plugin and blocklists in general in unbound) then the list is active. You can verify by checking the number of IOCs in the Unbound report. It might be something we will improve later on though ;)

Thanks for the quick reply :-)

I assume you mean by looking at the "Size of blocklist" in the Unbound DNS report?

If I untick "Register domain feeds" in q-feeds and recheck the "Size of blocklist" number, it does not change.

Is this correct or am I looking in the wrong place?

[RutgerDiehard]

Just checked the other way by configuring only "Register domain feeds" and unticking all in "Type of DNSBL".

Now the "Size of blocklist" number does change. I assume that this number should tally with the number reported on TIP?

E.g. with no other blocklists ticked, the size of blocklist number is 358,597. However, the previous count from TIP is 438,574 and current is 539,551 using the numbers from my current plan (free edition).

There seems to be an anomally.

[RamSense]

@Q-Feeds: I just noticed your service is blocking my company VPN - ZScaler.
Are you supposed to block those hubs? https://config.zscaler.com/zscaler.net/hubs
I now have to disable Q-feeds to connect to the company network.

I'm seeing blocks from LAN to destination 165.225.101.236; 165.225.29.187; 165.225.25.182; etc

[Q-Feeds]

You can always create a whitelist alias in a rule above ours. That said we just checked and it seems ZScaler doesn't care to facilitate criminal organizations as well. We're seeing lots of bad actors in a lot of our sources.

[RamSense]

Thank you for checking and info. I will enable Q-Feeds again, and connect my company by the guest network.

[Q-Feeds]

Just checked the other way by configuring only "Register domain feeds" and unticking all in "Type of DNSBL".

Now the "Size of blocklist" number does change. I assume that this number should tally with the number reported on TIP?

E.g. with no other blocklists ticked, the size of blocklist number is 358,597. However, the previous count from TIP is 438,574 and current is 539,551 using the numbers from my current plan (free edition).

There seems to be an anomally.

Thanks for pointing out! We will investigate it.