Messages

I also just upgraded and am a bit confused by the phrasing on the IPv6 changes.

"Dnsmasq is now the default for DHCPv4 and DHCPv6 as well as RA out of the box.  One thing that the upstream software cannot cover is prefix delegation so that is no longer offered by default.  Use another DHCPv6 server in this case."

I previously used Track interface and ISC was handling the DHCPv6, KEA is handling DHCPv4.

Now I switched from Track Interface (legacy) to Identity association and obviously my clients cannot get any DHCPv6.

What would be the correct way forward?
Can I keep KEA for DHCPv4 and use DNSmasq for DHCPv6?
Or should I migrate everything from KEA and use DNSmasq for both?

I think Zenarmor is one of the worst examples of reverse feature creep I've ever seen in an application.

At the time, Sensei was actually one of the reasons that made me decide to switch from pf to OPN. Paid for home license for two years but after losing features year after year it was not worth it in the end. Looks like they are still trying to find ways to limit their application.

Hi all,

I setup haproxy a long time ago and through blood and sweat I managed to get it to work.
I now want to make some changes and I can't remember what I did!

The main problem I am having is I want to change my front end authenticator from authelia to tinyauth.
looking at the config file, I have a bunch of stuff I somehow managed to manually add to the file, under my public facing services I have a line in the config saying  # WARNING: pass through options below this line, with a bunch of stuff I somehow managed to stick underneath it, but I don't remember where or how I did it, and I need to make some changes to these.

if it helps, whenever I test syntax, I get a soft warning message with a bunch of "[WARNING] (33030) : config : parsing [/usr/local/etc/haproxy.conf.staging:132] : a 'http-request' rule placed after a 'use_backend' rule will still be processed before."

That warning is just a warning and depending on how complex your HAProxy rules are it can be something you just you have to live with. I've been having it for as long as I can remember.

May I suggest tunable replacing realteak with Intel NIC.

You could take a look at LNAV:

https://lnav.org/

Yeah it's that zenarmor crap doing it.

My OPNsense installation have been alot more "Zen" since I just stopped using that piece of trash software.

Then don't lol.

Current DHCPB is not going away (yet).


I'm very happy to see them implement KEA as it's the way.

Cloudflares WAF is a god compared to Zenarmor.

You cannot even compare them feature wise.

Oh boy, I used to be a big fan of Zenarmor. Now I'm actually considering cancelling my subscription.

Yeah, I canceled my home subscription. Not really worth it anymore, poor QA along with nerfing features was enough for me.

Who cares about a fancy webui when the core features gets broken.

I've never added whitelisted entries from the reporting tab so I wouldn't know.

I add my whitelisted domain in:

Services --> Unbound DNS --> Blocklist
Whitelist Domains: Input FQDN or use regexp.

Does the gateway reply to ICMP?

Try pinging it from your PC.

It works for me, what is the FQDN and how does your whitelist entry look?

I guess you could use something to parse the DHCP-log.

However, if you are not explicitly bound to DHCP you could use https://virtualize.link/opnarp/ to be alerted of new ARP entries.

Lol...

You call them crooks yet they deliver one of the best open source firewalls for free.

How about you keep better track on your subscriptions next time?

Haven't used the API so cannot comment on that but the txt lists from here works great:

https://www.cloudflare.com/ips/