Messages

Can this combined rule be separated into two, one for a state validation failure, and a separate one for Default Deny?

Rationale: When I rebuilt our Firewall over the Christmas break, there were a number of anomalies as I tried to get rules working correctly. It was a significant impediment not knowing whether traffic was passed or blocked because my rules were incorrect, or simply because I had cleared states to ensure that the rules would be applied after changing them.

Even now, with everything working, I see many periodic "Default deny / state violation rule" events logged continuously from sources to targets that should be passed, and appear to be working just fine. So I assume that for some reason the state was invalid... but I don't know.

I assume without confidence, because, well, what else could it be? And that's my point; rules are confusing enough without having ambiguity in the default rules.

My test installation of OPNsense is connecting to 4 servers in various countries, USA (x2), Czechia, and Iran for reasons I can't identify. The IP addresses are 184.105.182.16, 89.221.210.188, 37.156.28.13, and 23.131.160.7 and connections are made about every 5 minutes. The installation is a vanilla install at this point, with nothing that ought to be polling for anything that I am aware of.

The only plugins I've installed are: acme-client (still disabled), maltrail, netdata, and ntopng.

Any ideas? I'm sure it's nothing, but I am mildly alarmed by this.

Hi All,

I am currently using pfSense for my home network and know that quite well. However, I have put together new hardware from a retired low-end Ryzen system and so I'm considering switching to OPNsense which I've installed it on the new box to play around with it. My plan is to reproduce the config I have on the current pfSense firewall (except anything that requires the actual NICs to be there), and then take my network down for an hour or so while I switch it over and do final config.

I have a few questions about OPNsense:

• Is there any way to change the date/time format shown in the Web GUI? I currently see very verbose timestamps like this: "Wed Jul 24 2019 15:00:00 GMT-0700 (Pacific Daylight Time)" and I'd like to see "2019-07-24 00:00:00 Wed".
• Is is possible to create Interfaces unassigned to a NIC and assign them when I put the card in the new machine (pretty sure the answer here is no)?
• Is it possible to rename the root user to "admin", or do I need to create a second user? If the latter, can I then disable or delete the root user?
• Is it possible to utilize a firewall HDD as a LAN file-share?
• Is it possible to keep config backups on a USB drive instead of the main HDD? I don't want to use cloud storage, but I don't want to be vulnerable to a simple HDD failure either for recovering config (I don't mind a hour or so downtime while I swap in a new HDD, reinstall, and then reapply the config; but rebuilding my config from scratch is hours of work).
• Am I correct in thinking that they only way to know about an update is to manually click the link on the dashboard? The system itself doesn't periodically check for updates?
• I suppose I should ask if there is any support yet for importing a pfSense config file?
• Why is the remote syslog daemon running if I have not enabled it in configuration?