Messages

Do you have a rule which allows traffic on that port or forwards the port to something else? You also need to have a service which listens on that port (accepts connections), what is that service? Also, what kind of port are we talking about, TCP or UDP?

If you have no rules allowing/forwarding traffic on that port, try scanning with something else, there's a chance that the scanner is not accurate.

I had my share of problems with OPNsense over time, but security wasn't one of them, never read about the firewall not doing its job, so I'm almost certain it's not OPNsense related :-)

No worries, we are all constantly learning stuff. Glad to hear you made it work!

Welcome to OPNsense!

And yet, we all here picked OPNsense over pfsense.. and many coming from pfsense.

Very happy to hear it helped.
You're welcome!

Are you scanning from the internet or locally from your LAN?

PPPoE is single threaded and will eat up a lot of CPU if the traffic is intense and the CPU is not powerful enough...

You can disable (set it to "disabled") IPv6 entirely on the WAN.

Hi and welcome!

#1 You can use advanced firewall rules for this
#2 You can use firewall rules and 2FA to enforce ssh, combined with security certificates
#3 Check your IDPS alerts and allow blocked but needed resources
#4 Which ones? Firewall logs?
#5 Don't understand this question
#6 You can create other users and assign permissions, root can be disabled, all from the WebGUI

This is a good starting place to learn about the features of OPNsense:
https://wiki.opnsense.org/manual.html

It should automatically update your IP address stored and used by your OpenDNS account.

Do you have "Filter DNS requests using OpenDNS" checked?

According to IANA (https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml), only 100.64.0.0/10 (100.64.0.0 –100.127.255.255) is considered as special purpose address block (https://tools.ietf.org/html/rfc6598).

Is this the case? It is important not to act on any other address blocks.

Good to hear you made it work! CentOS has its firewall enabled by default, so you must add exceptions for anything.

Thanks for your feedback. You can just prepend [Solved] to the title yourself, if you'd like.

Only local resources are denied when captive portal is up? Pinging outside resources works?

Thank you for your feedback, glad to hear it worked out!

Thanks for your feedback, appreciated.
Also, you can prepend [Solved] to the title if you feel you no longer have related issues.
Thanks again.

Well.. this is over my head, so I'll leave you in very good hands, I'm sure Franco will get to the bottom of this :)

WAN: IPv4 is PPPoE, IPv6 is DHCPv6
LAN1: IPv4 is "Static IP", IPv6 is "Track interface"
LAN2: IPv4 is "Static IP", IPv6 is disabled (this is for the guest wifi network, without a captive portal)

On both LANs, DHCPv4 is running, no DHCPv6.
Simple, by the book setup :)