Messages - FF2PacketPusher

#1
21.7 Legacy Series / Re: Help Understanding States
November 08, 2021, 01:42:25 AM
That makes perfect sense, didn't think about how modifying rules could affect the state listing.  I've been making lots of changes as this is a new firewall, so that explains everything.  I'll keep an eye on it after a reboot and see how the rules match up then.

Thank you for your response!
#2
21.7 Legacy Series / Help Understanding States
November 06, 2021, 12:46:44 AM
Can somebody help explain to me how the state listing works?  I guess my main question is why are these sessions being marked with the specific rule?  The rules listed have nothing to do with the sessions listed.  For example, "allow access to DHCP server" is an automatic rule, yet, looking at those states, DHCP doesn't use port 8883, let alone TCP...  This is the case for my "Allow Airplay to IoT" rule as well.  Those ports (5223) are not included in that rule.  Is this a bug, or am I just not understanding how OPNSense is detecting the sessions?

Thanks!
#3
I like the idea of using a GUA based range for my home network and doing NAT on it.  One of my cloud providers hands out a routable /48 with every VPS, so I could easily use one of those and as long as I don't use it in the cloud, I'd never blackhole myself.  I was thinking of even doing a P2P Wireguard tunnel and just using that entirely for my IPv6 and not using my PD from Comcast at all.  Or setting up an HE.net IPv6 tunnel.

Sounds like it's decision time. lol

Thank you both pmhausen and bimbar for the suggestions.
#4
First post here, so hello everyone! I'm a recent convert from OpenWRT, tried pfSense but I feel it didn't really live up to the hype and the UI is atrocious...  Decided to install OPNSense and I've loved it so far!!

In OpenWRT I was able to assign the interface identifier of a delegated IPv6 prefix to a LAN interface. I'm trying to end up with assigning my firewall an IP of ::1 out of my delegated (tracked) prefix for each LAN interface, but still have the prefix update if the delegated prefix changes from my upstream ISP.  Is this possible with OPNSense?

Thanks!
Richard