crowdsecurity / crowdsec

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
https://crowdsec.net
MIT License
8.1k stars 419 forks

[OPNsense] Disabling Autogeneration of Floating Rules #3047

Open Ramalama2 opened 4 weeks ago

Ramalama2 commented 4 weeks ago

What would you like to be added?

/kind enhancement

Why is this needed?

EDIT: On pfSense it's possible, OPNsense is just missing it. I'm on OPNsense 24.1.8.

I would like to define the rules, based on the CrowdSec alias, where I need them. For example, I could easily whitelist IP ranges from blocking with aliases on OPNsense, before the CrowdSec blocking rule. Not because I'm a hacker, but because if I have a parser on my mail server that blocks failed login attempts pretty aggressively, I don't want to ban myself out. Or, for example, I want to whitelist Germany with a GEO-based IP list.

That doesn't work with the whitelist package; additionally, I'm not sure if the whitelist package gets updated from time to time on OPNsense and replaces my entries. Managing the whitelist in the CLI is uncomfortable as hell too, plus GEO is not possible.

github-actions[bot] commented 4 weeks ago

@Ramalama2: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.

I am a bot created to help the [crowdsecurity](https://github.com/crowdsecurity) developers manage community feedback and contributions. You can check out my [manifest file](https://github.com/crowdsecurity/crowdsec/blob/master/.github/governance.yml) to understand my behavior and what I can do. If you want to use this for your project, you can check out the [BirthdayResearch/oss-governance-bot](https://github.com/BirthdayResearch/oss-governance-bot) repository.

github-actions[bot] commented 4 weeks ago

@Ramalama2: There is no 'kind' label on this issue. You need a 'kind' label to start the triage process.

LaurenceJJones commented 4 weeks ago

@Ramalama2 the kind hook currently only runs for the CrowdSec team. Can you stop opening and closing issues, if that is what you're trying to achieve?

Ramalama2 commented 4 weeks ago

> @Ramalama2 the kind hook currently only runs for the CrowdSec team. Can you stop opening and closing issues, if that is what you're trying to achieve?

Sorry, I stopped, but the message from the bot is somewhat misleading/confusing. Sorry xD

LaurenceJJones commented 4 weeks ago

> > @Ramalama2 the kind hook currently only runs for the CrowdSec team. Can you stop opening and closing issues, if that is what you're trying to achieve?
>
> Sorry, I stopped, but the message from the bot is somewhat misleading/confusing. Sorry xD

Yeah, we just need to find time to fix the hook.

Ramalama2 commented 3 weeks ago

May I ask why that's available for pfSense but not OPNsense at the moment... Is there generally a reason you prefer pfSense? For me it's basically the same, so I could just switch and it doesn't matter about this here, because it looks to me like no one is interested in that except me anyway, lol. Otherwise this would have been requested much earlier.

Cheers

LaurenceJJones commented 3 weeks ago

> May I ask why that's available for pfSense but not OPNsense at the moment... Is there generally a reason you prefer pfSense? For me it's basically the same, so I could just switch and it doesn't matter about this here, because it looks to me like no one is interested in that except me anyway, lol. Otherwise this would have been requested much earlier.
>
> Cheers

OPNsense was developed first, so we don't have any bias towards either of them. The reason is simply that it was added as an option in pfSense, but then we never backported it to OPNsense, since they use different code bases.

Ramalama2 commented 3 weeks ago

> > May I ask why that's available for pfSense but not OPNsense at the moment... Is there generally a reason you prefer pfSense? For me it's basically the same, so I could just switch and it doesn't matter about this here, because it looks to me like no one is interested in that except me anyway, lol. Otherwise this would have been requested much earlier. Cheers
>
> OPNsense was developed first, so we don't have any bias towards either of them. The reason is simply that it was added as an option in pfSense, but then we never backported it to OPNsense, since they use different code bases.

I understand, thanks for clarifying! Then I'll wait till you guys have time for that.

As that may take very long, I have just one last question: if I use the whitelist parser, is it persistent, or is there a possibility that the YAML gets replaced on updates? If it's persistent, then I'm going to simply use that in the meantime. Thanks Laurence for your effort and fast replies here :-)