Messages - balin

#1
Too bad. You got me pegged right. Linux (in fact, salt stack managed QubesOS) is my daily driver. Seem to have to return to bare bones eventually. Too bad, the integration of hard- and software available in the Deciso products is what attracted me. Is there any FW product like that (open source SW with tailored hardware) that would appeal to more adminy rather than clicky pointy types?
#2
Indeed. Local git is what I used to run on the shorewall setup. BUT: is OPNsense even set up for CLI administration? Are all the configuration options spread over a plethora of files?
#3
For years I ran a FW based on shorewall et al and was very happy with its config file based operation, that allowed me to git track everything I was doing as well as include comments why I was doing it into the config files.

Having now switched to OPNsense on Deciso hardware, I, in contrast, find the GUI less convenient with respect to tracking changes and documenting them.

How do people handle documentation of configuration changes and tracking them in general?
#4
21.7 Legacy Series / Re: Newby: Mys(t)ery Failure of Rule
December 28, 2021, 09:58:51 AM
Many thanks for your explanation and solution - that makes it work the way I intended it.
#5
21.7 Legacy Series / Newby: Mys(t)ery Failure of Rule
December 27, 2021, 02:35:43 PM
I started playing with a shiny new OPNsense box ... and immediately ran into trouble.

(Among other things) I have

As a result, the rules table for the Periphery interface looks like this:

| Protocol | Source | Port | Destination | Port | Gateway | Schedule | Description |
|---|---|---|---|---|---|---|---|
| Automatically generated rules | | | | | | | |
| IPv4 UDP | * | 68 | 255.255.255.255 | 67 | * | * | allow access to DHCP server |
| IPv4+6 UDP | * | 68 | (self) | 67 | * | * | allow access to DHCP server |
| IPv4+6 UDP | (self) | 67 | * | 68 | * | * | allow access to DHCP server |
| IPv4 TCP/UDP | * | * | 127.0.0.1 | 53 (DNS) | * | * | Reroute all DNS Queries through the Firewall |
| IPv4+6 * | * | * | This Firewall | * | * | * | Allow traffick to the firewall |
| IPv4+6 * | * | * | ExternalInternetWAN net | * | * | * | Allow traffick into the external network |


I expect this to provide web access to the devices in the network served by the Periphery interface.

The logs, however, show such traffic being denied by the Default deny rule from the floating set, implying that the last rule above fails.

What am I doing wrong? Thanks for any pointers.