
Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - NollipfSense

Pages: [1] 2
IDS/IPS / Snort Passlist for Cpanel access
« on: March 11, 2018, 10:23:17 am »
Since I have implemented Snort's Portscan detection (this past Wednesday night), I could not connect to my web hosting cPanel...I think the traffic is being dropped. So, I followed the instructions to create a Snort passlist:
I created an alias under IP with my web hosting provider's IP address and even created a firewall rule just in case...still no luck. A traceroute shows a halt at the twelfth alert has been generated either. What went wrong? Even when I disable Portscan, I still cannot log in to cPanel...sadly!

IDS/IPS / Snort: What POP3 Decoder Setting do?
« on: March 08, 2018, 09:24:20 pm »
What does this menu do...see pic. My web host provider claimed that some spam activity came from my IP and their log shows a  POP3:OVERFLOW:LINE  SRXB0  Mar 8, 2018, 6:22:37 PM  Buffer Overflow...can't show the IP addresses for privacy.

Does it send email message with Barnyard enabled? The POP3 was going to port 110 on my web hosting provider which triggered an, I want to understand what that menu does. My hosting also claimed they don't have the email address the alleged activity came from.

pfBlockerNG / Pihole and NSA DNSBL Feed Error
« on: March 03, 2018, 03:06:01 pm »
What is the proper feed URL for Pihole and NSA DNSBL for the custom feed? What I have added are: or

[ DNSBL FAIL ] [ Skipping : Pihole ]

/var/db/pfblockerng/dnsbl/Pihole.bk:1: error: unknown keyword ''
/var/db/pfblockerng/dnsbl/Pihole.bk:1: error: stray '"'
/var/db/pfblockerng/dnsbl/Pihole.bk:1: error: unknown keyword '60'
/var/db/pfblockerng/dnsbl/Pihole.bk:1: error: unknown keyword 'IN'
/var/db/pfblockerng/dnsbl/Pihole.bk:1: error: unknown keyword 'A'
/var/db/pfblockerng/dnsbl/Pihole.bk:1: error: unknown keyword ''
/var/db/pfblockerng/dnsbl/Pihole.bk:1: error: stray '"'
read /var/unbound/check.conf failed: 7 errors in configuration file
[ DNSBL_IP ]       Updating aliastable [ 03/03/18 15:01:30 ]...
  no changes.
  Total IP count = 927

[ DNSBL FAIL ] [ Skipping : NSA ]

/var/db/pfblockerng/dnsbl/NSA.bk:1: error: unknown keyword ''
/var/db/pfblockerng/dnsbl/NSA.bk:1: error: stray '"'
/var/db/pfblockerng/dnsbl/NSA.bk:1: error: unknown keyword '60'
/var/db/pfblockerng/dnsbl/NSA.bk:1: error: unknown keyword 'IN'
/var/db/pfblockerng/dnsbl/NSA.bk:1: error: unknown keyword 'A'
/var/db/pfblockerng/dnsbl/NSA.bk:1: error: unknown keyword ''
/var/db/pfblockerng/dnsbl/NSA.bk:1: error: stray '"'
read /var/unbound/check.conf failed: 7 errors in configuration file
[ Pihole ]       Downloading update [ 03/03/18 15:01:29 ] .. 200 OK
  Remote timestamp missing .
  Orig.    Unique     # Dups     # White    # Alexa    Final               
  1        1          0          0          0          1                   

I had before added these NSA blocklists and experienced errors: or

I had removed these without recording the error so I could display here.

General Questions / Second Hard Drive Content
« on: February 28, 2018, 07:35:49 pm »
More than two months ago, I successfully added a second hard drive and transferred all content of /usr to that second drive. However, that drive's status on the Dashboard hasn't shown any sign that it's recording content of the user...see "newdisk" in pic.

What command to use to see that indeed it's storing files? When I did the moving, the OS disk (ada0) was at 14%.

IDS/IPS / Suricata Inline Mode and Online Bank Deposit
« on: February 27, 2018, 02:13:35 pm »
So, I attempted to deposit a check into my bank account and got the following on the PFSense monitor screen:

196.115874 [1071] netmap_grab_packets   bad pkt at 445 1en 2164

I wasn't sure what was going on; so, I switched to the legacy mode because I needed to make the deposit. I was using my phone to make the deposit. After the deposit completed, I changed to inline mode again. Also, Barnyard2 still wouldn't start despite making the necessary configuration changes in Advanced > Networking.

IDS/IPS / Setup Still Relevant? Hell YES!
« on: February 08, 2018, 01:49:43 pm »
I have had my PFSense machine up and running now since October of last year. Now, I shall fine tune as the system should have learned my moves or states. I have Snort, PFBlockerNG, Suricata and Squid's ClamAV Antivirus packages running as well. I have been reading this thread: hoping to use as a guide in helping me to fine tune; however, I wondered whether it's relevant today in the sense that all packages have evolved and lots of the scripts have been included in the offerings now.

Things that seem relevant are the firewall aliases and rules; however, it's lots of reading and one can get lost easily in some of the steps. So, how would you approach using that guide today since it was originally for 2014? Hints would be appreciated. My only addition to firewall other than default is forced DNS to PFSense via OpenDNS (

For the packages installed, I followed what Lawrence system posted to YouTube.

IDS/IPS / Why Snort Blocks Apple Domain?
« on: December 08, 2017, 09:09:11 pm »
From what I understand, Apple owns the entire blocks of IP addresses; so, I was surprised when I could not access Apple. When I had checked my log, it was, I disabled blocking and backed down to IPS policy of connectivity. All IPS policies should have known not to block those...a fair statement? Of course, I am new to Snort and realize it's a false positive.

General Questions / Add Second Hard Drive (Solved)
« on: December 06, 2017, 08:57:37 pm »
Last night when I got the issue with the second hard drive sorted, I formatted it with the v. 2.4.2 installer; however, I didn't think it through when I was doing it. So I got the following...see pic. When I then tried to erase the drive or modify, I keep getting invalid argument or option i not specify, I believe and it doesn't matter whether I do it on the PFSense machine or the webconfigurator. I don't need a boot track nor a swap track. (Correct input should have been: gpart destroy -F ada1)

Should I just leave it as is? If that's okay, then how do I transfer or move all user data (admin) to ada1? These are the files I need to move:





Of course, I wish there was an official method sticky to address this.

General Questions / cam status unconditionally re-queue request
« on: December 04, 2017, 07:00:16 pm »
Brand-new Seagate SATA 3 500GB hard drive installed then booted the machine to format the drive "cam status unconditionally re-queue request." So, I took the drive out to format on my MacBook Pro to a GUID partition map with MSDOS and noticed in Disk Utility that SMART status was unsupported...does that mean I cannot use the new drive just bought for log storage?

The machine has a 16GB SSD with PFSense hasn't completed the booting process as it keeps trying.

Also, what is the official method for formatting a new drive and when that is completed, how do I transfer user logs to the new drive?

General Questions / Urgent Net Neutrality
« on: November 30, 2017, 10:42:37 am »
I am urging all U.S. citizens to make your voice heard...please tell your congress person as well as the FCC to leave Net Neutrality alone...the creator of the Internet FREELY gave it to all of us. The FCC, its chairperson, nor its lobbying posse didn't create the Internet and spent ZERO money on developing the Internet as we know it

General Questions / Two Problems -(Solved)
« on: November 21, 2017, 05:58:05 pm »
Just upgraded to version 2.4.2...whenever I set up new user to take over "admin" by adding all privileges then reboot, that user can't log in "no page assigned to this here to logout."

Then keep getting "Calcru: runtime went backwards" despite adding two other NTP domains.

They're both very to resolve?

General Questions / Setting Up Second HD For Storage
« on: November 18, 2017, 11:27:40 am »
I have been trying to use the V2.4.1 installer to format second hard drive. First time I tried, I could select second drive to format but in the end after completion there was an error. So, I took out the drive and wiped it clean then reformatted on my Mac to MSDOS then tried again to format to UFS with PFSense 2.4.1 installer. It recognized the second during boot process but ended up claiming it's not a UFS drive and disables the drive from the that further booting up of the installer, there is no recognition of the second drive...not even removing the BIOS battery and reinstalling allowed the second hard drive detection. I have to remove all SATA devices attached to the SATA ports, boot to the BIOS then shut down/power off the computer, then attach all SATA devices. That's the only way for all hard drive detection. BTW, the computer is an HP Pavilion a6242 with upgraded and unlocked BIOS.

I had read, after searching on how to format second HD, how one person found it easy to use the installer (in his case, it was an older CD installer). What's the official method for formatting a second hard drive for storage? I cannot complete the PFSense 2.4.1 booting as I am still waiting for the NIC to arrive.

Installation and Upgrades / UFS, How to format? (Solved PFSense 2.4)
« on: November 14, 2017, 05:11:34 pm »
I have been trying to format SSD to UFS after discovering ZFS won't work for my application that is to install PFSense 2.4 to a 16GB SSD and use a HDD 320GB to capture log events. Gparted won't or doesn't show UFS.

Is there an app with GUI to do this?

Hardware / HP Pavilion a6242N for PFSense Machine
« on: October 07, 2017, 12:33:42 pm »
I found this HP Pavilion at the trash in my apartment...took it home and it; my light bulb bright idea suggested turning it into a PFSense machine. I will max out the RAM (8GB - Crucial) and am thinking of installing the Intel-Pro 1000 NIC (I haven't bought it yet)...would this work? Could I install PFSense only without assigning WAN/LAN before I get NIC which would take a few days to arrive? I would use a Monitor to aid, should I select the VGA version? The machine would run headless after the install and the upgrade

I am familiar with PFSense as I had set up on a VirtualBox machine on my Mac.
