Can opnsense do this?

senser · December 06, 2017, 08:01:57 PM

Greetings everyone,

I am using the following functionality with my current firewall but i am looking for something new and i was wondering, can opnsense do this too?

Asn ip blocking (alias from whois)
Dns black holes (using common host files)
Geo-ip blocking (alias from geo-ip)
All logging can be disabled

Also, is opnsense using a rolling release model? Or will it be rolling once all big feature changes are complete? How long are old versions supported if its not rolling?

Thank you so much
J

Stefan · December 07, 2017, 02:03:00 AM

BGP routing by chance?

Gargamel · December 07, 2017, 08:20:30 AM

Quote from: senser on December 06, 2017, 08:01:57 PM
Greetings everyone,

I am using the following functionality with my current firewall but i am looking for something new and i was wondering, can opnsense do this too?

Asn ip blocking (alias from whois)
Dns black holes (using common host files)
Geo-ip blocking (alias from geo-ip)
All logging can be disabled

Also, is opnsense using a rolling release model? Or will it be rolling once all big feature changes are complete? How long are old versions supported if its not rolling?

Thank you so much
J

For GeoIP blocking see this post:
https://forum.opnsense.org/index.php?topic=5851.msg24639#msg24639

Ciprian · December 07, 2017, 10:38:25 AM

Quote from: senser on December 06, 2017, 08:01:57 PM

Asn ip blocking (alias from whois)

Definitely YES!

QuoteDns black holes (using common host files)

I strongly would say YES, but you have to check, there are host and domain overrides, there are custom options of Unbound DNS, both comprised right on the Web Interface, and if it's not enough, form the console you have the option to edit the Unbound config file the way you want it; never did it, so I don't know for sure if it fits your purpose, and I would redirect you to Unbound DNS (or DNSmask DNS, also included in OPNsense) documentation.

QuoteGeo-ip blocking (alias from geo-ip)

YES

QuoteAll logging can be disabled.

YES

QuoteAlso, is opnsense using a rolling release model? Or will it be rolling once all big feature changes are complete? How long are old versions supported if its not rolling?

Franco definitely has a better answer, the best answer, but until he writes a few lines, I would say "rolling release" is the model.

QuoteThank you so much
J

You're welcome! :)

franco · December 07, 2017, 03:03:37 PM

Hi there,

Well, we do a major update every 6 months (major incompatible features and operating system updates) and rolling releases with mostly weekly minor updates depending on need. Major versions land in January (x.1) and July (x.7).

We discontinue support for older major releases immediately, but the upgrade is (given the migration notes and operating system limitations) seamless.

https://opnsense.org/about/road-map/

Cheers,
Franco

senser · December 10, 2017, 10:00:56 PM

Great, so there is no nice frontend for creating dns entries for unbound from host files, but other than that, its all there. Are there any plans to better support creating dns black holes yet? Thank you!

Can opnsense do this?

senser

December 06, 2017, 08:01:57 PM

Stefan

December 07, 2017, 02:03:00 AM #1

Gargamel

December 07, 2017, 08:20:30 AM #2

Ciprian

December 07, 2017, 10:38:25 AM #3

franco

December 07, 2017, 03:03:37 PM #4

senser

December 10, 2017, 10:00:56 PM #5