Messages

You can flush the ntopng section using this command (safely with data inspection and backup):

# pluginctl -f OPNsense.ntopng


Cheers,
Franco

Note this is not RC2, this is the development version of RC2 ;)

# opnsense-patch https://github.com/opnsense/core/commit/c9a3a841275

Thanks for the report!


Cheers,
Franco

# opnsense-patch https://github.com/opnsense/core/commit/e6ef56170e2

You seem to have a lot of GUI callers? :)

Does this work for you?

# find /var/lib/php/sessions/ -name "sess_*" | xargs rm


Cheers,
Franco

This looks like a very minor misunderstanding of how PHP version_compare() reacts to FreeBSD's package manager way of abbreviating "RC" releases as a single "r" instead.

I can fix, but it has no relevancy for 25.1 anymore requiring a fix to fix this but when the next version is not "r3" it doesn't matter.  ;)


Cheers,
Franco

What up!

Just a small update to ship the latest changes and fixes.  The anti-lockout
not working was finally addressed.  Thanks for all the valuable feedback on
the forum!

Here are the full patch notes against version 25.1-RC1:

o system: prioritize index page and prevent redirection to a /api page on login
o system: mute disk space status in case of live install media
o system: optimize system status collection
o firewall: add experimental inline shaper support to filter rules
o firewall: add missing columns on one-to-one NAT page
o firewall: fix unassociated rule creation
o firewall: fix anti-lockout and "allow access to DHCP failover" automatic rules
o firewall: add optional authorization for URL type aliases
o installer: fixed missing prompt and help text in ZFS disk selection
o installer: warn on low RAM for ZFS as well
o installer: added a power off option
o intrusion detection: policy content dropdown missing data-container
o intrusion detection: cleanse metadata for brackets
o ipsec: add banner message when using custom configuration files
o monit: flag file overwrites when they exist
o openvpn: add validation pertaining to auth-gen-token and reneg-sec combinations
o unbound: cleanup available blocklists and add hagezi blocklists
o unbound: flag file overwrites when they exist
o mvc: fix NetworkValidator for IPv4-mapped addresses with netmask (contributed by John Fieber)
o plugins: turning binary data into JSON may fail globally
o plugins: os-caddy 1.8.1[1]


Stay safe,
Your OPNsense team

--
[1] https://github.com/opnsense/plugins/blob/stable/25.1/www/caddy/pkg-descr

Fixed now in RC2 (it's online).

Created a ticket for it https://github.com/opnsense/core/issues/8242

I think we internally discovered the anti-lockout wasn't working as expected but it was never tracked on GitHub so I think we need to fix for RC2 today.


Thanks,
Franco

Hey Alex, yay :)

Tailscale is included since 24.7.11.

Maybe ask git or GitHub developers or check your local proxy or security policies. It's a big repository. Sporadic fails during cloning are not unusual given that network operations could fail anywhere for any unspecific reason.


Cheers,
Franco

It's sort of funny considering we contributed better NAT logging through pflog into FreeBSD even ;)

NAT rules are logged using "rdr", "nat" and "binat" actions in the live log (or plain filter logs).  Some NAT types of the GUI may not allow a logging option yet which is also for legacy reasons alone...


Cheers,
Franco

It's there now :)

A hotfix release was issued as 24.7.12_2:

o plugins: turning binary data into JSON may fail globally
o unbound: fixup permission on copy
o ports: openvpn 2.6.13[11]

The upgrade path from the development version to 25.1-RC1 is also available now.

[11] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn26#Changesin2.6.13