Messages

Das Netzdiagramm kann man so machen, ich würde aber die OPNSense direkt an die Fritzbox und den Rest dann alles hinter die OPNSense.

IPv6 halte ich für zu komplex, das sprengt mit all den Detailkomplexitäten sicher den Rahmen.

Mikrotik kann man sich auch schön ein Konfigurationstemplate machen, was man dann nur Copy&Paste aufbringt.

Aber das wären auch meine Kandidaten gewesen, Unifi und Mikrotik.

Same problem here, same solution works. No idea why. On another firewall with haproxy, it works.

I pay 12 cents Canadian per kWh (8 cents USD, 7 Eurocents, 6 pence) so my router would have to be using a truly biblical amount of power before I'd consider changing it to something else.

Well, I pay 27 cents european.

IMO the power bills are too high with hardware like that. Better buy a cheap N100 system or something similar. Or at least that was true before the techbros bought all the RAM.

Ich verstehe es nicht... Wenn die GUA sich ändert (welche?), dann passiert was?

Wenn die Public IP von der Firewall sich ändert, auf die ja das SNAT passiert, dann muss die Firewall nicht nur die IP ändern sondern auch die SNAT Regel entsprechend mitnehmen auf die neue IP.
Das hat bei mir mit v6 nicht zuverlässig funktioniert, dann ist alle paar Tage das v6 ausgefallen. Ich halte das für einen Bug, aber das ist halt auch ein extrem selten genutztes Feature.

[Or at least scale the frame to the full height that is available?]

I know you're helping Patrick but it doesn't make things easier here. This is the first post:

Maybe we can get rid of the scrolling subframe? Or at least scale the frame to the full height that is available?

On my screen the firewall rules window uses about half of the available height, but I can scroll way down

This is the commit in 26.1.6:

https://github.com/opnsense/core/commit/0e999cc5a

OP asked for it but did not acknowledge its existence.

One of the reasons we ask for actionable tickets is so the requester can confirm that is what they wanted (or not).

Everybody else adding related context in this forum thread doesn't help progress the initial request anymore.


Cheers,
Franco

Yes, I did not catch that. It is true that this particular bug is fixed, thank you.

Still, the general problem of poor space usage remains. So I completely agree with Patrick on that matter.

I'm not sure what you want exactly. If something as clear as "there is too much empty space, please use it more efficiently" from the perspective of an end user is not good enough, you should probably document it somewhere.

Can we, perhaps, all acknowledge that the complaints of especially the long time users and/or contributors are reasonable and deserve to be heard and discussed in good faith?

Coming back to the general issue of modern UIs - there is a general trend to waste space. I don't think that is something one should accept as normal and reasonable.
The reason that I attach so much importance to this is that this is the central problem of managing firewalls - keeping track of a potentially large
amount of rules.

The answers to that I read in the linked issue do not convince me - like "you should use categories heavily and select only one at a time".
The situation on the ground is that I come into setups I have not built myself and need the be able to work with them. Literally everything is possible, it's like the wild west, and I have never yet taken over a well configured firewall.

That means it is absolutely crucial to be able to get a good overview over a considerable amount of rules just by looking at that firewall rule table.

So those perhaps 20% of wasted vertical space do matter.

Size-shaming us now, eh? 😂

Less my intention, more saying that the kind of hardware you need to push past sustained 10Gbit/s is immense, even 25Gbit/s (stateful firewall performance) is already quite a challenge for a small company.

If you ever played Factorio, it's the difference between launching your first rocket, to launching it sustained with no breaks.

A small raspberry Pi or N100 is just not the target audience for this kind of sustained load, you need a big server and switches that can handle it etc... and these are all well beyond homelab or small business budgets.

And in these environments, admins who know the likes of Juniper, also know about BSD like systems (Junos is FreeBSD based, just as an example).

Having worked in those circles for 15 years, I doubt a junos admin knows BSD.

Anyway, if we're talking that kind of hardware, Cisco switches are widely used, for routers, of course Cisco, if you want to go european, probably Nokia. I'm not so sure about firewalls, Fortinet is very popular, if you want to go european, maybe Sophos?
For switches, I don't see any good options for open source. Nor for routers. Firewalls is a bit better, but beyond opnsense there's not much either.

So, to summarize, I doubt they'll go FOSS for the networking stuff.

As to the sustained load thing, I don't see any problems with N100 or something like that, there's many a cisco router that struggles to do 100MBit out there.

Not sure what linux firewall that would be, I don't know of any that is actually on the level of opnsense.

Also I don't know if the network infrastructure will also be open source.

The main question for me is the future of freebsd, I'm fairly sure that linux is more of a long term thing.
Additionally, what I read in the other thread about the way freebsd is managed, does not fill me with confidence.

This Firewall hat bei mir immer funktioniert - vielleicht mal mit pfctl -s auf der CLI nachschauen, was da genau wie konfiguriert wurde.

That looks quite interesting, except for the price.

With the background of the various freebsd controversies, this does not seem like such a far fetched idea as it did years ago.