search

yrzr / opnsense-tools

OPNsense images native builder for aarch64. Steps to build your own image: https://yrzr.github.io/tutorial-build-opnsense-arm64-on-a-rpi4/
https://yrzr.github.io/tags/opnsense/
BSD 2-Clause "Simplified" License
51 stars 3 forks source link

Opnsense 24.7.4 enable syncookies failed giving open ports tested with GRC Sheild up on Raspberry pi 4. #24

Open mrusli70 opened 2 months ago

mrusli70 commented 2 months ago

Hi yrzr,

I tested both version of the Opnsense 24.7.4 and 24.7.4.1 , that by enable the syncookies as "always" it causing all ports to be open.

And it failed the grc sheildup firewall stealth mode .

But when I select the option as "never (by default)" the syncookies passed the grc sheildup firewall stealthj mode test.

So I wonder if the Anti DDOS enable syncookies are having a software bug or it just a false alarm.

mrusli70 commented 2 months ago

Hi yrzr, Ok I should have set the syncookies as never as default. The syncookies is enable by default set to i. So there is no need to change anything to the Anti DDOS option. Bummer it is my fault. I am so sorry about that. I should have know better.

yrzr commented 2 months ago

Hi mrusli70, I am not an expert at this. I think you should go ahead and move this issue to the official repo for help.

mrusli70 commented 1 month ago

Hi, yrzr, not too worry. I really appreciate you for having such an awesome site to have my raspberry pi 4b working with opnsense. It work great and simply awesome! What a great trusty gadget to have it around to make a secure network.