-
Notifications
You must be signed in to change notification settings - Fork 453
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[OPNsense] Disabling Autogeneration of Floating Rules #3047
Comments
@Ramalama2: Thanks for opening an issue, it is currently awaiting triage. In the meantime, you can:
DetailsI am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository. |
@Ramalama2: There are no 'kind' label on this issue. You need a 'kind' label to start the triage process.
DetailsI am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository. |
@Ramalama2 the kind hook only currently runs for crowdsec team can you stop opening and closing issues if that is what your trying to achieve |
Sorry, i stopped, but the message from the bot is somewhat missleading/Confusing. |
Yeah, we just need to find time to fix it the hook |
May i ask, why thats available for pfsense, but not opnsense at the moment... Cheers |
OPNSense was developed first, so we don't have any biased towards any of them. The reason is simply it was just added as an option in pfsense, but then we never back ported to opnsense since they both use different code bases. |
I understand, thanks for clarifying! As that may take very long i have just one last question, if i use the whitelist parser, is it persistent or is there a possibility that the yaml get replaced on updates? |
sure - package updates don't overwrite the configuration, safe for a few parameters |
Thanks! But Since Juni i found that out either xD Thank you for the effort :-) |
What would you like to be added?
/kind enhancement
Why is this needed?
EDIT: On PFsense its possible, OPNsense is just missing it.
Im on OPNsense 24.1.8.
I would like to define the Rules, based on the Crowdsec Alias, where i need them.
For example i could whitelist IP-Ranges from Blocking easilly with aliases on Opnsense, before the Crowdsec Blocking Rule.
Not because im a hacker, because if a have a parser on my mailserver, that blocks failed login attempts pretty aggressively, and i dont't want to ban myself out.
Or for example, i want to whitelist for example Germany with GEO Based ip list.
That doesn't work with the whitelist package, additionally im not sure if the whitelist package gets updated from time to time on opnsense and replaces my entries.
Managing the whitelist in CLI is uncomfortable as hell either + GEO is not possible.
The text was updated successfully, but these errors were encountered: