Categories

  • 418
    Topics
    1.3k
    Posts

    fractal_boyF

    ea74c66d-e6b1-43ac-adec-f892d5d69899-image.png

  • 117.8k
    Topics
    741.1k
    Posts

    D

    @stephenw10 Well, I use whatever is out there speedtest, fast.com .

    What do you mean exactly ? Using mine or their router ?

  • Discussions about pfSense software packages

    Cache/Proxy IDS/IPS Traffic Monitoring pfBlockerNG UPS Tools ACME FRR Tailscale WireGuard
    19.7k
    Topics
    124.7k
    Posts

    R

    Hello all,

    Docker and docker compose is integral to much of my work.

    Sometimes a docker compose references a local server address like: http://trivy-server:9992, whereby trivy-server is the name of the service and is also the hostname. This can not always be changed or altered unfortunately.

    When TLD Allow is selected within DNSBL than those trivy-server services will be blocked. Whitelisting is not possible due to the missing TLD (hence no TLD)...

    2dbae213-9950-4167-9973-2080b97b5658-image.png

    a148b840-5e1e-480b-9c09-4484875d400c-image.png

    pfBlockerNG: Is this a feature, a bug or ? Is there another proper solution? Configure pfSense or pfBlockerNG differently? Change some settings in docker or Ubuntu node?

    Only solution for now is to uncheck the TLD Allow option, which from a security standpoint is not feasible.

    See for example:
    https://github.com/openclarity/openclarity/tree/main/installation/docker

  • 42.3k
    Topics
    265.8k
    Posts

    P

    @mika_hakinen Wan > Lan şeklinde de ilerleyebilir. Sonuçta pfsense tarzı açık kaynak kodlu bir güvenlik duvarına 3-5 kod yazmaya bakar herşey. Sıkıntı orada değil.

    Sıkıntı networkun wandaki işleyiş yapısında. Bir bilgisayara varsayılan ağ geçidi ve dns adresi yazmazsanız wan netine ulaşamazsınız bildiğiniz gibi. Siz ağ geçidinize isteğinizi iletirsiniz, ağ geçidiniz isteğinizi isp servera gönderir. Isp server gelen isteği girdiğiniz dns sunucusu sayesinde ip adresine dönüştürür, adrese ulaşır ve geriye doğru cevaplama işlemi gerçekleşir. Tabi bu en basit tarzda bir wan yapısıdır. Çünkü bağlandığınız isp server, aslında bir grubun belki de en alt halkası olabilir. Üzerinde, sizi istediğiniz adrese ulaştıracak daha onlarca katman bulunabilir. Her katman bir üstteki katmana ip-mac kimlik bilgisini iletir. Bu sistemde işlemi yapan landaki sizin kimliğiniz değil, wandaki ağ geçidiniz yahut isp serverlardır. Onların üzerindeki var olan ip adresleri ve mac adresleri kayıt altına alınır. Dns değiştirdiğinizde bazı sitelere ulaşabilme sebebiniz de budur, herşey iss servera iletilen kimlik bilgisi.

    O yüzdendir ki, metro tarzı bağlantılarda, uydunet-fiber altyapı sistemlerinde sizin bilgisayarınızın değil, modem-router cihazının mac adresi iss tarafından sisteme kayıt edilir ve internet açılır. Wan>Lan Nat yapısında mac filtreleme bu sebeple mantıksızdır, bunu yapan herhangi bir cihaz da yoktur.

  • Information about hardware available from Netgate

    2.4k
    Topics
    19.1k
    Posts

    stephenw10S

    Those are the internal ix NICs that connect to the switch, ix2 and ix3. That new card will appear as ixl0 and ixl1. You should see them in Interfaces > Assignments.

    Steve

  • Information about hardware available from Netgate

    44
    Topics
    210
    Posts

    GertjanG

    @LesserBloops said in Netgate Security Advisory: CVE-2024-6387:

    I had no idea System_Patches existed until happening upon this thread

    Yeah .... well, scrap what's I've said above.
    I'll rephrase, and express my real opinion :
    It must be a package, so when an update exists, it will get flagged on the dashboard as 'update == patches' exist. That's the great thing about the pfSense package system.
    I was wondering : why isn't this build into pfSense directly ? But that would mean that there will be another thing to check, pfSense packages updates and patches updates. Another dashboard widget ?
    So : upon pfSense installation : advise the user to pick this package ?
    Or, don't signal the admin, and install the package without admin consent ?
    Humm, maybe not ...

    Right now, any package is installed with admin consent, as you have to install them 'ones'.

    Parches proposed by this package are only mostly 'quality of live' amelioration. But ones in a while they are a must have, as it solves a real issue. Then the question doesn't exist anymore : people will find the forum for support, will find that there is a solution ... a patch, and so on ...

    Real issues, like urgent software updates like (example) curl, unbound nginx etc etc (tyhese are not pfSense packages, but FreeBSD packages ! - or FreeBSD updates ported to their pfSense equivalent by Netgate ) are already getting updated using the command line ( SSH or console !! ) option 13.

    @LesserBloops : I've got one for you : Auto update check, checks for updates to base system + packages and sends email alerts
    "Install" that one also. You maybe not knowing it, but you need it 😊
    Btw : you will need to install the Cron pfSense package.

    This script file tells me, as I receive a mail, if anything has an upgrade waiting. Even pfSense itself.

  • Feel free to talk about anything and everything here

    Forum Feedback Community Job Board
    3.4k
    Topics
    18.4k
    Posts

    JonathanLeeJ

    Has anyone else checked out the Commodore OS Vision software?

    It is really unique and fun. I have been playing with it the last two days. I got my certificates on it got it working.

    I love the sound effects.

    https://www.commodoreos.net/CommodoreOS.aspx

    https://youtu.be/QKpXiUD6Tc8

    I got it going in Virtual Box,

    With my trackball if I hit the two keys on the top it will show a panoramic of all the desktops it is amazing ideas...