Messages

Hi AdSchellevis!

https://github.com/opnsense/core/issues/460

I read the discussion in the link that you provided (thank you!) and have a general question about OPNsense.

Prior changing to pfSense, I was using Endian UTM (http://www.endian.com/). The "UTM" stands for "Unified Threat Management" and it means that Endian tries to include all sorts of threat fighting tools. They say of themselves: "The Endian UTM appliance provides total network security including web and email filtering, VPN, intrusion prevention, bandwidth management and much more."

Then, I changed to pfSense (for the reasons that I did not agree with Endian's understanding of "community" & "open source" (they turned it to "open core") and because I needed more than 4 network zones, which Endian does not support) and I had to learn, that pfSense did not support many of those features, since their opinion was, that most of those "threat management" tools have no place on a firewall but should be handled by dedicated servers AFTER the firewall, e.g. scanning email. So with other words: pfSense lacked some features that I got to love on Endian due to another strategic approach that pfSense had.

So, now I read the thread of the link that you provided and realized that you plan to a) integrate HTTPS proxy and b) are not planning yet - but seem not to be opposed at all - to integrate other features such as virus scanning of webtraffic, email, FTP, etc.

So my question is: What is the strategic stance of OPNsense? Is your vision to turn OPNsense to such a "Unified Threat Management" box, as Endian does, or will you rather stick to the "lean" approach of pfSense and keep everything out of OPNsense that is not 100% firewall/gateway related?

Speaking for me, I would love seeing those advanced firewall/gateway related security features integrated into OPNsense, as Endian does, but I would not like to see any features to be integrated that go beyond this gateway-security scope and that turn the firewall into a general network server with all sorts of network services on it as e.g. Samba file server, FTP server, BitTorrent, etc., as some other projects do, e.g. Clear OS, etc.

Thank you for your time!

Cheers
temporaryuser

<moved my answer to a separate topic: https://forum.opnsense.org/index.php?topic=2531.0>

Dear all,

thank you very much for your detailed explanations, they where very helpful for me to understand the matter.

Cheers
temporaryuser

Hi all,

comparing pfSense and OPNsense side-by-side I noticed a major difference in the Firewall>Traffic Shaper menu
There seem to be great differences in the general approach and in the available options.

Since I have not used Traffic shaping with pfSense or OPNsense, but will have to use it from now on, I am wondering what reasons for and the consequences of those differences are.

Is there anybody here who has knowledge about this topic?

Cheers

Hi everyone,

I just stumbled upon this tweet: https://twitter.com/MacLemon/status/712278845425115136

Can somebody explain to me what it is that MacLemon is complaining about?

Cheers

For all of you who suggest keeping an virtualization environment metal apart from the firewall metal: I totally agree - in general. And anyone who has 2 metals, should do so.

But there is one case of which I am favoring to put the firewall and the virtualization on one metal together:

The case where you have a metal hosted (and only one metal!) at some web host. There you can either chose just to run the virtualization environment on the metal without a firewall - or to compromise and put both, the virtualization environment AND the firewall onto the same metal, and have some increased security and/ or functionality.

Now, if it is better to run an virtualization environment of your choice and then have the firewall run in a virtual machine - or to install the firewall bare metal and use it's built in virtualization capabilities... well, I guess there are advantages and disadvantages to both solutions. But I cannot really imagine, that e.g. OPNsense's virtualization capabilities can seriously be compared with some dedicated solutions such as the above-mentioned VMWare ESXi, Proxmox VE, etc.
I guess the also above-mentioned way to use the basic firewall functionalities of e.g. Proxmox for basic defense of the Virtualization Environment and then have a full-fledged firewall solution such as OPNsense to separate and protect the virtual machines, makes more sense, doesn't it?

Cheers

Thanks, azdps, for your support ;-)

The link works for me in Firefox.
But IE and Chrome ends with an 404 error from github.

Interesting, I was using Firefox, when the link did not work (same effect, brought me to github with 404).
But I updated to FF45 last night and today... the same link works for me. Maybe it had something to do with the update but I don't know.

Hello all,

thank you for your update today to 16.1.7.

I came from pfSense and am still very new to this project. Currently I am still in the state of exploring everything and testing OPNsense, comparing it to pfSense, etc. but I can say already that I am impressed of how your project "looks and feels".

Among others, I find the positive and very polite vibes in the forum and on github noteworthy, as well as your ambitious and well organized fixed release cycles. I understand, that your fork is not long ago and that many things still might not be as mature as at pfSense, but I expect that if you continue with your fast pace and positive flow, soon you will have taken the lead in Free and Open Source Firewalls. Your openness is key to that, too.

Thank you a lot!

Cheers
temporaryuser

P.S. I saw that the last minor releases where all occurring on a weekly base, every Wednesday. Is that coincidence or did you arrange a fixed release plan for the minor releases, too?

Hi franco,

Thank you for your detailed answer!

for 16.1 we've made that a reality. <snip>
There aren't many plugins yet <snip>
User contributions are now key, and there weren't any (official ones) yet. <snip>

I see, I wish OPNsense that some users will come along who are willing and capable of contributing some plugins, soon!

What does it take to write a plugin? https://docs.opnsense.org/development/examples/helloworld.html

Great! Thank you for this link.

Would be great if you would support Python, too, some day ;-)

I apologise for addressing a larger audience with this response. I felt this was necessary as it comes up quite a bit lately. If there are more specific questions we can gladly discuss them. :)

No problem at all, glad that obviously a broader user base is interested in plugins, so some first contributions might come flying in soon.

Cheers
temporaryuser

Hi,

I can not find a Package Manager (and packages) in OPNsense, as pfSense has them. Does OPNsense not support such add-on packages or did I just overlook them?

Thank you
temporaryuser

Really? It works fine for me, maybe it's your browser but the OPNsense github is here: https://github.com/opnsense/core

Thank you very much, phoenix!

Regards
temporaryuser

Hi phoenix,

I guess they get reported on github: https://github.com/issues?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+opnsense

Thanks for the information about github. Unfortunately your link is broken, could you please resend it?

Thank you
temporaryuser

Hi,

where do you want us to report bugs and/ or feature requests to? Into this forum, or do you maintain a bug tracker somewhere?

Cheers
temporaryuser

Hi Franco & Maciej,

That would indeed be helpful. Can you PM me the download link?

Is there any update on this serious matter?

Regards
temporaryuser

Hi Zeitkind,

If you are using proxmox, it has a small built in firewall which will be OK for most simple tasks.

Thank you very much for this information!

Cheers
temporaryuser