Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - vpx23

#1
FreeBSD does not use secure boot so I guess you can safely choose "Restore Secure Boot to Factory Settings".

The option "Enforce Secure Boot" is greyed out, I found this information in the docs of a Honeywell RT10W tablet:

QuoteEnabling "Enforce Secure Boot" will not work, as the option is greyed out. This is due to missing credentials. To get default credentials inserted, the option "Restore Secure Boot to Factory Settings" needs to be enabled. A following reboot is required. Afterwards "Enforce Secure Boot" is available.
https://sps-support.honeywell.com/s/article/RT10W-In-the-BIOS-Enforce-Secure-Boot-is-grayed-out
#2
Yes, I know there is already a thread about this: https://forum.opnsense.org/index.php?topic=48145.0

I didn't want to dig it out but I want to add some more information and have a little summary.

I suppose some people will stumble over this in the future as many people (me included) are not aware that they have to update their boot loader themself.

I only saw this ASCII message by chance when I did a change in my BIOS settings, otherwise my OPNsense box is headless (running without input devices and monitor).

**********************************************************************
**********************************************************************
*****                                                            *****
*****           BOOT LOADER IS TOO OLD. PLEASE UPGRADE.          *****
*****                                                            *****
**********************************************************************
**********************************************************************

^ This is the message we are talking about, it originates in the FreeBSD base system, so the check is in upstream, not in OPNsense itself.

Here is the actual code to it: https://github.com/freebsd/freebsd-src/blob/50caa0ea0c16499c40e785b5aa37053b180b2830/stand/lua/core.lua#L579

All it does is to check if the boot loader is below revision 3.0

You can check the revision of the boot loader installed in the OS with this command:

strings /boot/loader.efi | grep "EFI loader"
Output:
DFreeBSD/amd64 EFI loader, Revision 3.0

You can check the revision of the boot loader actually loaded with this command:

strings /boot/efi/efi/freebsd/loader.efi | grep "EFI loader"
Output:
FreeBSD/amd64 EFI loader, Revision 1.1
There's also another method of finding out if you boot from MBR or GPT:

efibootmgr -v
Output:
Boot to FW : false
BootCurrent: 0001
Timeout    : 2 seconds
BootOrder  : 0001, 0002, 0000
+Boot0001* UEFI OS HD(1,GPT,f7a9b7de-952f-11ee-a368-00e04c681a07,0x28,0x82000)/File(\EFI\BOOT\BOOTX64.EFI)
                      gpt/efiboot0:/EFI/BOOT/BOOTX64.EFI /boot/efi//EFI/BOOT/BOOTX64.EFI
 Boot0002* Hard Drive  BBS(HD,,0x0)
 Boot0000  ipfire VenHw(99e275e7-75a0-4b37-a2e6-c5385e6c00cb)
                 HD(2,MBR,0x1aca948e,0x100800,0x10000)/File(\EFI\IPFIRE\GRUBX64.EFI)


Unreferenced Variables:
(As you see I once used IPFire :)

So the easiest way to update your boot loader is to use the shell script of Emrion which was already discussed in the old thread.

Connect to your OPNsense box via SSH or the serial console.

Only input:

curl -O https://raw.githubusercontent.com/Emrion/uploaders/refs/heads/main/loaders-update
chmod +x loaders-update
./loaders-update show-me
./loaders-update shoot-me
y
y
y

Input and output:

root@OPNsense:~ # curl -O https://raw.githubusercontent.com/Emrion/uploaders/refs/heads/main/loaders-update
  % Total    % Received % Xferd  Average Speed  Time    Time    Time   Current
                                 Dload  Upload  Total   Spent   Left   Speed
100  18231 100  18231   0      0 99.33k      0                              0
root@OPNsense:~ # chmod +x loaders-update
root@OPNsense:~ # ./loaders-update show-me
loaders-update v1.3.2

One or more efi partition(s) have been found.

Examining ada0p1...
Efi partition ada0p1 is already mounted in /boot/efi.
Would run: cp /boot/loader.efi /boot/efi/efi/freebsd/loader.efi
Would run: cp /boot/loader.efi /boot/efi/efi/boot/bootx64.efi

One or more freebsd-boot partition(s) have been found.
The root file system is zfs.

Examining ada0...
Would run: gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 2 ada0

-------------------------------
Your current boot method is UEFI.
Boot device: ada0p1 File(\EFI\BOOT\BOOTX64.EFI)
Updatable EFI loader: 2
Updatable BIOS loader: 1
-------------------------------
root@OPNsense:~ # ./loaders-update shoot-me
loaders-update v1.3.2

One or more efi partition(s) have been found.

Examining ada0p1...
Efi partition ada0p1 is already mounted in /boot/efi.
About to execute: cp /boot/loader.efi /boot/efi/efi/freebsd/loader.efi
Are you sure (y/N)? y
About to execute: cp /boot/loader.efi /boot/efi/efi/boot/bootx64.efi
Are you sure (y/N)? y

One or more freebsd-boot partition(s) have been found.
The root file system is zfs.

Examining ada0...
About to execute: gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 2 ada0
Are you sure (y/N)? y
partcode written to ada0p2
bootcode written to ada0

-------------------------------
Your current boot method is UEFI.
Boot device: ada0p1 File(\EFI\BOOT\BOOTX64.EFI)
Updated EFI loader: 2
Updated BIOS loader: 1
-------------------------------
root@OPNsense:~ #

That's all folks.

@franco Is it possible to integrate the loaders-update shell script into the update process? Or are there any reasons against it?


Resources:

https://github.com/Emrion/uploaders/tree/main
https://www.freshports.org/sysutils/loaders-update
https://forums.freebsd.org/threads/verify-loader-version.96446/
https://www.jan0sch.de/post/freebsd-upgrade-uefi-bootloader/
https://github.com/opnsense/ports/tree/master/sysutils/loaders-update
#3
Just a quick response, it now works again without any changes on my side.
#4
I get this error in the dashboard after the update to 26.1.8.

You cannot view this attachment.

A second reboot also didn't resolve it.

I'll wait till the next sync in the TIP dashboard and see if that resolves it.

The latest update of Q-Feeds (1.6) states: "Feature: Add alert when license expired or invalid".

But my API key is listed to never expire so it could only be a bug.

Either that or the license "Community - Self-Provisioned" expired for everyone and we have to create a new API key?
#5
Adblocker and CanvasBlocker are off, I suspect something in LibreWolf causes the bug. Does anybody using LibreWolf on Windows have the same bug?
#6
OK, I found the explanation on Wikipedia:

QuoteThe IBM System 360 and the related disk and tape systems set the byte at 8 bits and documented capacities in decimal units.[38] The early 8-, 5.25- and 3.5-inch floppies gave capacities in multiples of 1024, using "KB" rather than the more accurate "KiB". The later, larger, 8-, 5.25- and 3.5-inch floppies gave capacities in a hybrid notation, i.e., multiples of 1024,000, using "KB" = 1024 B and "MB" = 1024,000 B. Early 5.25-inch disks used decimal[dubious – discuss] even though they used 128-byte and 256-byte sectors.[39] Hard disks used mostly 256-byte and then 512-byte before 4096-byte blocks became standard.[40]
Source

Being an IBM product it makes sense that this hybrid notation was used in Postfix.
#7
Im Release von 26.1 steht "... default IPv6 mode now using Dnsmsaq [sic] for client connectivity".

Weiß aber nicht ob das nur für den DHCP-Server gilt oder auch für den DHCP-Client bei den Interfaces.

Das ISC-DCHP wird ja langsam ausgemustert.
#8
I just updated from 26.1.2 to 26.1.5 and got this popup:

You cannot view this attachment.

Which log is it referring to? The update log or another log? In the latter case it would be nice if the error message stated which log.

By the way where can I find the update log after a reboot?

Here is the update log:

***GOT REQUEST TO UPDATE***
Currently running OPNsense 26.1.2_5 (amd64) at Mon Mar 30 17:32:36 CEST 2026
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (24 candidates): .......... done
Processing candidates (24 candidates): .......... done
The following 76 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
colordiff: 1.0.22
py313-Babel: 2.18.0
py313-Jinja2: 3.1.6
py313-aioquic: 1.3.0_1
py313-anyio: 4.12.1
py313-async_generator: 1.10_1
py313-attrs: 25.4.0
py313-bottleneck: 1.6.0
py313-certifi: 2026.1.4
py313-cffi: 2.0.0
py313-charset-normalizer: 3.4.4
py313-cryptography: 46.0.5,1
py313-dnspython: 2.8.0_1,1
py313-duckdb: 1.5.0
py313-h11: 0.16.0
py313-h2: 4.1.0_1
py313-hpack: 4.0.0_1
py313-httpcore: 1.0.9
py313-httpx: 0.28.1_1
py313-hyperframe: 6.0.0_1
py313-idna: 3.11
py313-jq: 1.11.0
py313-ldap3: 2.9.1_1
py313-markupsafe: 3.0.3
py313-numexpr: 2.14.1
py313-numpy: 1.26.4_12,1
py313-outcome: 1.3.0_2
py313-packaging: 26.0
py313-pandas: 2.3.3,1
py313-pyasn1: 0.6.0
py313-pyasn1-modules: 0.4.1
py313-pycparser: 2.23
py313-pylsqpack: 0.3.23
py313-pyopenssl: 25.3.0_1,1
py313-pysocks: 1.7.1_1
py313-python-dateutil: 2.9.0
py313-pytz: 2025.2_1,1
py313-pyyaml: 6.0.3
py313-requests: 2.32.5
py313-service-identity: 24.2.0
py313-six: 1.17.0
py313-sniffio: 1.3.1
py313-socksio: 1.0.0_1
py313-sortedcontainers: 2.4.0_1
py313-sqlite3: 3.13.12_10
py313-trio: 0.33.0
py313-truststore: 0.10.4
py313-tzdata: 2025.3
py313-ujson: 5.12.0
py313-urllib3: 2.6.3,1
py313-vici: 6.0.3
python313: 3.13.12

Installed packages to be UPGRADED:
dnscrypt-proxy2: 2.1.5_22 -> 2.1.15_1
dnsmasq: 2.92,1 -> 2.92_2,1
jansson: 2.14.1 -> 2.15.0
kea: 3.0.2_1 -> 3.0.2_2
libucl: 0.9.3 -> 0.9.4
libunistring: 1.4.1 -> 1.4.2
libxml2: 2.15.1_1 -> 2.15.2
nss: 3.120 -> 3.121
openldap26-client: 2.6.12 -> 2.6.13
opnsense: 26.1.2_5 -> 26.1.5
opnsense-installer: 25.1_1 -> 25.1_2
opnsense-lang: 26.1.1 -> 26.1.4
opnsense-update: 26.1.1_1 -> 26.1.3
os-isc-dhcp: 1.0_3 -> 1.0_4
os-q-feeds-connector: 1.4_1 -> 1.5_1
os-wol: 2.5_3 -> 2.5_4
perl5: 5.42.0_1 -> 5.42.1
php83-phpseclib: 3.0.49 -> 3.0.50
smartmontools: 7.5_1 -> 7.5_2
strongswan: 6.0.3_1 -> 6.0.4
suricata: 8.0.3_1 -> 8.0.4
syslog-ng: 4.10.2 -> 4.11.0_1

Installed packages to be REINSTALLED:
glib-2.84.4,2 (direct dependency changed: python313)
unbound-1.24.2_1 (direct dependency changed: python313)

Number of packages to be installed: 52
Number of packages to be upgraded: 22
Number of packages to be reinstalled: 2

The process will require 504 MiB more space.
148 MiB to be downloaded.
[1/76] Fetching unbound-1.24.2_1.pkg: .......... done
[2/76] Fetching py313-idna-3.11.pkg: .......... done
[3/76] Fetching py313-markupsafe-3.0.3.pkg: ... done
[4/76] Fetching py313-outcome-1.3.0_2.pkg: .. done
[5/76] Fetching opnsense-update-26.1.3.pkg: ..... done
[6/76] Fetching py313-pyopenssl-25.3.0_1,1.pkg: .......... done
[7/76] Fetching py313-socksio-1.0.0_1.pkg: ... done
[8/76] Fetching py313-service-identity-24.2.0.pkg: ... done
[9/76] Fetching py313-sortedcontainers-2.4.0_1.pkg: ....... done
[10/76] Fetching py313-cffi-2.0.0.pkg: .......... done
[11/76] Fetching nss-3.121.pkg: .......... done
[12/76] Fetching py313-h2-4.1.0_1.pkg: .......... done
[13/76] Fetching libunistring-1.4.2.pkg: .......... done
[14/76] Fetching py313-packaging-26.0.pkg: .......... done
[15/76] Fetching py313-dnspython-2.8.0_1,1.pkg: .......... done
[16/76] Fetching py313-sniffio-1.3.1.pkg: .. done
[17/76] Fetching os-isc-dhcp-1.0_4.pkg: ..... done
[18/76] Fetching python313-3.13.12.pkg: .......... done
[19/76] Fetching py313-pyyaml-6.0.3.pkg: .......... done
[20/76] Fetching py313-hyperframe-6.0.0_1.pkg: ... done
[21/76] Fetching py313-pysocks-1.7.1_1.pkg: .... done
[22/76] Fetching py313-pyasn1-0.6.0.pkg: .......... done
[23/76] Fetching libxml2-2.15.2.pkg: .......... done
[24/76] Fetching py313-pandas-2.3.3,1.pkg: .......... done
[25/76] Fetching dnsmasq-2.92_2,1.pkg: .......... done
[26/76] Fetching dnscrypt-proxy2-2.1.15_1.pkg: .......... done
[27/76] Fetching py313-pytz-2025.2_1,1.pkg: .......... done
[28/76] Fetching syslog-ng-4.11.0_1.pkg: .......... done
[29/76] Fetching py313-jq-1.11.0.pkg: ....... done
[30/76] Fetching py313-ldap3-2.9.1_1.pkg: .......... done
[31/76] Fetching py313-certifi-2026.1.4.pkg: .......... done
[32/76] Fetching py313-httpcore-1.0.9.pkg: .......... done
[33/76] Fetching py313-bottleneck-1.6.0.pkg: .......... done
[34/76] Fetching py313-Jinja2-3.1.6.pkg: .......... done
[35/76] Fetching py313-charset-normalizer-3.4.4.pkg: .......... done
[36/76] Fetching php83-phpseclib-3.0.50.pkg: .......... done
[37/76] Fetching os-q-feeds-connector-1.5_1.pkg: .... done
[38/76] Fetching py313-truststore-0.10.4.pkg: ..... done
[39/76] Fetching kea-3.0.2_2.pkg: .......... done
[40/76] Fetching py313-cryptography-46.0.5,1.pkg: .......... done
[41/76] Fetching py313-vici-6.0.3.pkg: ... done
[42/76] Fetching os-wol-2.5_4.pkg: . done
[43/76] Fetching py313-aioquic-1.3.0_1.pkg: .......... done
[44/76] Fetching py313-pyasn1-modules-0.4.1.pkg: .......... done
[45/76] Fetching colordiff-1.0.22.pkg: ... done
[46/76] Fetching py313-pycparser-2.23.pkg: .......... done
[47/76] Fetching py313-six-1.17.0.pkg: .... done
[48/76] Fetching py313-trio-0.33.0.pkg: .......... done
[49/76] Fetching jansson-2.15.0.pkg: ......... done
[50/76] Fetching py313-sqlite3-3.13.12_10.pkg: ...... done
[51/76] Fetching py313-urllib3-2.6.3,1.pkg: .......... done
[52/76] Fetching py313-Babel-2.18.0.pkg: .......... done
[53/76] Fetching py313-anyio-4.12.1.pkg: .......... done
[54/76] Fetching py313-pylsqpack-0.3.23.pkg: .......... done
[55/76] Fetching py313-attrs-25.4.0.pkg: .......... done
[56/76] Fetching py313-requests-2.32.5.pkg: .......... done
[57/76] Fetching py313-python-dateutil-2.9.0.pkg: .......... done
[58/76] Fetching suricata-8.0.4.pkg: .......... done
[59/76] Fetching py313-hpack-4.0.0_1.pkg: ........ done
[60/76] Fetching py313-async_generator-1.10_1.pkg: ....... done
[61/76] Fetching py313-numexpr-2.14.1.pkg: .......... done
[62/76] Fetching py313-h11-0.16.0.pkg: ........ done
[63/76] Fetching openldap26-client-2.6.13.pkg: ......... done
[64/76] Fetching py313-tzdata-2025.3.pkg: .......... done
[65/76] Fetching glib-2.84.4,2.pkg: .......... done
[66/76] Fetching libucl-0.9.4.pkg: .......... done
[67/76] Fetching perl5-5.42.1.pkg: .......... done
[68/76] Fetching py313-ujson-5.12.0.pkg: ...... done
[69/76] Fetching opnsense-26.1.5.pkg: .......... done
[70/76] Fetching strongswan-6.0.4.pkg: .......... done
[71/76] Fetching smartmontools-7.5_2.pkg: .......... done
[72/76] Fetching py313-httpx-0.28.1_1.pkg: .......... done
[73/76] Fetching opnsense-installer-25.1_2.pkg: ... done
[74/76] Fetching opnsense-lang-26.1.4.pkg: .......... done
[75/76] Fetching py313-numpy-1.26.4_12,1.pkg: .......... done
[76/76] Fetching py313-duckdb-1.5.0.pkg: .......... done
Checking integrity... done (6 conflicting)
  - os-isc-dhcp-1.0_4 conflicts with opnsense-26.1.2_5 on /usr/local/opnsense/mvc/app/models/OPNsense/Interfaces/Neighbor/dhcpd.php
  - py313-charset-normalizer-3.4.4 conflicts with py311-charset-normalizer-3.4.4 on /usr/local/bin/normalizer
  - py313-pyasn1-modules-0.4.1 conflicts with py311-pyasn1-modules-0.4.1 on /usr/local/bin/cmcdump.py
  - py313-Babel-2.18.0 conflicts with py311-Babel-2.18.0 on /usr/local/bin/pybabel
  - py313-httpx-0.28.1_1 conflicts with py311-httpx-0.28.1_1 on /usr/local/bin/httpx
  - py313-numpy-1.26.4_12,1 conflicts with py311-numpy-1.26.4_12,1 on /usr/local/bin/f2py
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 91 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
colordiff: 1.0.22
py313-Babel: 2.18.0
py313-Jinja2: 3.1.6
py313-aioquic: 1.3.0_1
py313-anyio: 4.12.1
py313-async_generator: 1.10_1
py313-attrs: 25.4.0
py313-bottleneck: 1.6.0
py313-certifi: 2026.1.4
py313-cffi: 2.0.0
py313-charset-normalizer: 3.4.4
py313-cryptography: 46.0.5,1
py313-dnspython: 2.8.0_1,1
py313-duckdb: 1.5.0
py313-h11: 0.16.0
py313-h2: 4.1.0_1
py313-hpack: 4.0.0_1
py313-httpcore: 1.0.9
py313-httpx: 0.28.1_1
py313-hyperframe: 6.0.0_1
py313-idna: 3.11
py313-jq: 1.11.0
py313-ldap3: 2.9.1_1
py313-markupsafe: 3.0.3
py313-numexpr: 2.14.1
py313-numpy: 1.26.4_12,1
py313-outcome: 1.3.0_2
py313-packaging: 26.0
py313-pandas: 2.3.3,1
py313-pyasn1: 0.6.0
py313-pyasn1-modules: 0.4.1
py313-pycparser: 2.23
py313-pylsqpack: 0.3.23
py313-pyopenssl: 25.3.0_1,1
py313-pysocks: 1.7.1_1
py313-python-dateutil: 2.9.0
py313-pytz: 2025.2_1,1
py313-pyyaml: 6.0.3
py313-requests: 2.32.5
py313-service-identity: 24.2.0
py313-six: 1.17.0
py313-sniffio: 1.3.1
py313-socksio: 1.0.0_1
py313-sortedcontainers: 2.4.0_1
py313-sqlite3: 3.13.12_10
py313-trio: 0.33.0
py313-truststore: 0.10.4
py313-tzdata: 2025.3
py313-ujson: 5.12.0
py313-urllib3: 2.6.3,1
py313-vici: 6.0.3
python313: 3.13.12

Installed packages to be UPGRADED:
dnscrypt-proxy2: 2.1.5_22 -> 2.1.15_1
dnsmasq: 2.92,1 -> 2.92_2,1
jansson: 2.14.1 -> 2.15.0
kea: 3.0.2_1 -> 3.0.2_2
libucl: 0.9.3 -> 0.9.4
libunistring: 1.4.1 -> 1.4.2
libxml2: 2.15.1_1 -> 2.15.2
nss: 3.120 -> 3.121
openldap26-client: 2.6.12 -> 2.6.13
opnsense: 26.1.2_5 -> 26.1.5
opnsense-installer: 25.1_1 -> 25.1_2
opnsense-lang: 26.1.1 -> 26.1.4
opnsense-update: 26.1.1_1 -> 26.1.3
os-isc-dhcp: 1.0_3 -> 1.0_4
os-q-feeds-connector: 1.4_1 -> 1.5_1
os-wol: 2.5_3 -> 2.5_4
perl5: 5.42.0_1 -> 5.42.1
php83-phpseclib: 3.0.49 -> 3.0.50
smartmontools: 7.5_1 -> 7.5_2
strongswan: 6.0.3_1 -> 6.0.4
suricata: 8.0.3_1 -> 8.0.4
syslog-ng: 4.10.2 -> 4.11.0_1

Installed packages to be REINSTALLED:
glib-2.84.4,2 (direct dependency changed: python313)
unbound-1.24.2_1 (direct dependency changed: python313)

Installed packages to be REMOVED:
py311-Babel: 2.18.0
py311-Jinja2: 3.1.6
py311-aioquic: 1.3.0_1
py311-bottleneck: 1.6.0
py311-charset-normalizer: 3.4.4
py311-dnspython: 2.8.0_1,1
py311-duckdb: 1.4.4
py311-httpx: 0.28.1_1
py311-jq: 1.11.0
py311-numexpr: 2.14.1
py311-numpy: 1.26.4_12,1
py311-pandas: 2.3.3,1
py311-pyasn1-modules: 0.4.1
py311-requests: 2.32.5
py311-service-identity: 24.2.0

Number of packages to be removed: 15
Number of packages to be installed: 52
Number of packages to be upgraded: 22
Number of packages to be reinstalled: 2

The process will require 259 MiB more space.
Checking integrity... done (0 conflicting)
[1/92] Upgrading dnscrypt-proxy2 from 2.1.5_22 to 2.1.15_1...
===> Creating groups
Using existing group '_dnscrypt-proxy'
===> Creating users
Using existing user '_dnscrypt-proxy'
[1/92] Extracting dnscrypt-proxy2-2.1.15_1: ....... done
[2/92] Upgrading jansson from 2.14.1 to 2.15.0...
[2/92] Extracting jansson-2.15.0: .......... done
[3/92] Upgrading libucl from 0.9.3 to 0.9.4...
[3/92] Extracting libucl-0.9.4: .......... done
[4/92] Upgrading libunistring from 1.4.1 to 1.4.2...
[4/92] Extracting libunistring-1.4.2: .......... done
[5/92] Upgrading libxml2 from 2.15.1_1 to 2.15.2...
[5/92] Extracting libxml2-2.15.2: .......... done
[6/92] Upgrading nss from 3.120 to 3.121...
[6/92] Extracting nss-3.121: .......... done
[7/92] Upgrading openldap26-client from 2.6.12 to 2.6.13...
[7/92] Extracting openldap26-client-2.6.13: .......... done
[8/92] Upgrading os-q-feeds-connector from 1.4_1 to 1.5_1...
[8/92] Extracting os-q-feeds-connector-1.5_1: .......... done
Stopping configd...done
Starting configd.
Reloading plugin configuration
Flushing all caches...done.
Configuring system logging...done.
Reloading template OPNsense/QFeeds: OK


Service `cron' has been restarted.
[9/92] Upgrading os-wol from 2.5_3 to 2.5_4...
[9/92] Extracting os-wol-2.5_4: .......... done
Stopping configd...done
Starting configd.
Reloading plugin configuration
Flushing all caches...done.
Configuring system logging...done.
[10/92] Upgrading perl5 from 5.42.0_1 to 5.42.1...
[10/92] Extracting perl5-5.42.1: .......... done
[11/92] Installing colordiff-1.0.22...
[11/92] Extracting colordiff-1.0.22: ...... done
[12/92] Installing python313-3.13.12...
[12/92] Extracting python313-3.13.12: .......... done
[13/92] Installing py313-async_generator-1.10_1...
[13/92] Extracting py313-async_generator-1.10_1: .......... done
[14/92] Installing py313-attrs-25.4.0...
[14/92] Extracting py313-attrs-25.4.0: .......... done
[15/92] Installing py313-certifi-2026.1.4...
[15/92] Extracting py313-certifi-2026.1.4: .......... done
[16/92] Installing py313-h11-0.16.0...
[16/92] Extracting py313-h11-0.16.0: .......... done
[17/92] Installing py313-hpack-4.0.0_1...
[17/92] Extracting py313-hpack-4.0.0_1: .......... done
[18/92] Installing py313-hyperframe-6.0.0_1...
[18/92] Extracting py313-hyperframe-6.0.0_1: .......... done
[19/92] Installing py313-h2-4.1.0_1...
[19/92] Extracting py313-h2-4.1.0_1: .......... done
[20/92] Installing py313-idna-3.11...
[20/92] Extracting py313-idna-3.11: .......... done
[21/92] Installing py313-markupsafe-3.0.3...
[21/92] Extracting py313-markupsafe-3.0.3: .......... done
[22/92] Installing py313-outcome-1.3.0_2...
[22/92] Extracting py313-outcome-1.3.0_2: .......... done
[23/92] Installing py313-packaging-26.0...
[23/92] Extracting py313-packaging-26.0: .......... done
[24/92] Reinstalling glib-2.84.4,2...
[24/92] Extracting glib-2.84.4,2: .......... done
[25/92] Installing py313-pyasn1-0.6.0...
[25/92] Extracting py313-pyasn1-0.6.0: .......... done
[26/92] Installing py313-ldap3-2.9.1_1...
[26/92] Extracting py313-ldap3-2.9.1_1: .......... done
[27/92] Installing py313-pycparser-2.23...
[27/92] Extracting py313-pycparser-2.23: .......... done
[28/92] Installing py313-cffi-2.0.0...
[28/92] Extracting py313-cffi-2.0.0: .......... done
[29/92] Installing py313-cryptography-46.0.5,1...
[29/92] Extracting py313-cryptography-46.0.5,1: .......... done
[30/92] Installing py313-pylsqpack-0.3.23...
[30/92] Extracting py313-pylsqpack-0.3.23: .......... done
[31/92] Installing py313-pyopenssl-25.3.0_1,1...
[31/92] Extracting py313-pyopenssl-25.3.0_1,1: .......... done
[32/92] Installing py313-pysocks-1.7.1_1...
[32/92] Extracting py313-pysocks-1.7.1_1: .......... done
[33/92] Installing py313-pytz-2025.2_1,1...
[33/92] Extracting py313-pytz-2025.2_1,1: .......... done
[34/92] Installing py313-pyyaml-6.0.3...
[34/92] Extracting py313-pyyaml-6.0.3: .......... done
[35/92] Installing py313-six-1.17.0...
[35/92] Extracting py313-six-1.17.0: .......... done
[36/92] Installing py313-python-dateutil-2.9.0...
[36/92] Extracting py313-python-dateutil-2.9.0: .......... done
[37/92] Installing py313-sniffio-1.3.1...
[37/92] Extracting py313-sniffio-1.3.1: .......... done
[38/92] Installing py313-socksio-1.0.0_1...
[38/92] Extracting py313-socksio-1.0.0_1: .......... done
[39/92] Installing py313-sortedcontainers-2.4.0_1...
[39/92] Extracting py313-sortedcontainers-2.4.0_1: .......... done
[40/92] Installing py313-sqlite3-3.13.12_10...
[40/92] Extracting py313-sqlite3-3.13.12_10: ......... done
[41/92] Installing py313-trio-0.33.0...
[41/92] Extracting py313-trio-0.33.0: .......... done
[42/92] Installing py313-truststore-0.10.4...
[42/92] Extracting py313-truststore-0.10.4: .......... done
[43/92] Installing py313-anyio-4.12.1...
[43/92] Extracting py313-anyio-4.12.1: .......... done
[44/92] Installing py313-httpcore-1.0.9...
[44/92] Extracting py313-httpcore-1.0.9: .......... done
[45/92] Installing py313-tzdata-2025.3...
[45/92] Extracting py313-tzdata-2025.3: .......... done
[46/92] Installing py313-ujson-5.12.0...
[46/92] Extracting py313-ujson-5.12.0: .......... done
[47/92] Installing py313-urllib3-2.6.3,1...
[47/92] Extracting py313-urllib3-2.6.3,1: .......... done
[48/92] Installing py313-vici-6.0.3...
[48/92] Extracting py313-vici-6.0.3: .......... done
[49/92] Upgrading smartmontools from 7.5_1 to 7.5_2...
[49/92] Extracting smartmontools-7.5_2: .......... done
[50/92] Deinstalling opnsense-26.1.2_5...
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
[50/92] Deleting files for opnsense-26.1.2_5: .......... done
[51/92] Upgrading dnsmasq from 2.92,1 to 2.92_2,1...
[51/92] Extracting dnsmasq-2.92_2,1: .......... done
[52/92] Upgrading kea from 3.0.2_1 to 3.0.2_2...
[52/92] Extracting kea-3.0.2_2: .......... done
[53/92] Upgrading opnsense-installer from 25.1_1 to 25.1_2...
[53/92] Extracting opnsense-installer-25.1_2: .......... done
[54/92] Upgrading opnsense-lang from 26.1.1 to 26.1.4...
[54/92] Extracting opnsense-lang-26.1.4: .......... done
[55/92] Upgrading opnsense-update from 26.1.1_1 to 26.1.3...
[55/92] Extracting opnsense-update-26.1.3: .......... done
[56/92] Upgrading os-isc-dhcp from 1.0_3 to 1.0_4...
[56/92] Extracting os-isc-dhcp-1.0_4: .......... done
[57/92] Upgrading php83-phpseclib from 3.0.49 to 3.0.50...
[57/92] Extracting php83-phpseclib-3.0.50: ......... done
[58/92] Deinstalling py311-Jinja2-3.1.6...
[58/92] Deleting files for py311-Jinja2-3.1.6: .......... done
[59/92] Deinstalling py311-Babel-2.18.0...
[59/92] Deleting files for py311-Babel-2.18.0: .......... done
[60/92] Deinstalling py311-dnspython-2.8.0_1,1...
[60/92] Deleting files for py311-dnspython-2.8.0_1,1: .......... done
[61/92] Deinstalling py311-aioquic-1.3.0_1...
[61/92] Deleting files for py311-aioquic-1.3.0_1: .......... done
[62/92] Deinstalling py311-duckdb-1.4.4...
[62/92] Deleting files for py311-duckdb-1.4.4: .......... done
[63/92] Deinstalling py311-httpx-0.28.1_1...
[63/92] Deleting files for py311-httpx-0.28.1_1: .......... done
[64/92] Deinstalling py311-jq-1.11.0...
[64/92] Deleting files for py311-jq-1.11.0: ........ done
[65/92] Deinstalling py311-pandas-2.3.3,1...
[65/92] Deleting files for py311-pandas-2.3.3,1: .......... done
[66/92] Deinstalling py311-bottleneck-1.6.0...
[66/92] Deleting files for py311-bottleneck-1.6.0: .......... done
[67/92] Deinstalling py311-numexpr-2.14.1...
[67/92] Deleting files for py311-numexpr-2.14.1: .......... done
[68/92] Deinstalling py311-numpy-1.26.4_12,1...
[68/92] Deleting files for py311-numpy-1.26.4_12,1: .......... done
[69/92] Deinstalling py311-requests-2.32.5...
[69/92] Deleting files for py311-requests-2.32.5: .......... done
[70/92] Deinstalling py311-charset-normalizer-3.4.4...
[70/92] Deleting files for py311-charset-normalizer-3.4.4: .......... done
[71/92] Deinstalling py311-service-identity-24.2.0...
[71/92] Deleting files for py311-service-identity-24.2.0: .......... done
[72/92] Deinstalling py311-pyasn1-modules-0.4.1...
[72/92] Deleting files for py311-pyasn1-modules-0.4.1: .......... done
[73/92] Installing py313-Babel-2.18.0...
[73/92] Extracting py313-Babel-2.18.0: .......... done
[74/92] Installing py313-Jinja2-3.1.6...
[74/92] Extracting py313-Jinja2-3.1.6: .......... done
[75/92] Installing py313-charset-normalizer-3.4.4...
[75/92] Extracting py313-charset-normalizer-3.4.4: .......... done
[76/92] Installing py313-httpx-0.28.1_1...
[76/92] Extracting py313-httpx-0.28.1_1: .......... done
[77/92] Installing py313-numpy-1.26.4_12,1...
[77/92] Extracting py313-numpy-1.26.4_12,1: .......... done
[78/92] Installing py313-bottleneck-1.6.0...
[78/92] Extracting py313-bottleneck-1.6.0: .......... done
[79/92] Installing py313-numexpr-2.14.1...
[79/92] Extracting py313-numexpr-2.14.1: .......... done
[80/92] Installing py313-pandas-2.3.3,1...
[80/92] Extracting py313-pandas-2.3.3,1: .......... done
[81/92] Installing py313-duckdb-1.5.0...
[81/92] Extracting py313-duckdb-1.5.0: .......... done
[82/92] Installing py313-pyasn1-modules-0.4.1...
[82/92] Extracting py313-pyasn1-modules-0.4.1: .......... done
[83/92] Installing py313-requests-2.32.5...
[83/92] Extracting py313-requests-2.32.5: .......... done
[84/92] Installing py313-jq-1.11.0...
[84/92] Extracting py313-jq-1.11.0: ........ done
[85/92] Installing py313-service-identity-24.2.0...
[85/92] Extracting py313-service-identity-24.2.0: .......... done
[86/92] Installing py313-aioquic-1.3.0_1...
[86/92] Extracting py313-aioquic-1.3.0_1: .......... done
[87/92] Installing py313-dnspython-2.8.0_1,1...
[87/92] Extracting py313-dnspython-2.8.0_1,1: .......... done
[88/92] Upgrading strongswan from 6.0.3_1 to 6.0.4...
[88/92] Extracting strongswan-6.0.4: .......... done
[89/92] Upgrading suricata from 8.0.3_1 to 8.0.4...
[89/92] Extracting suricata-8.0.4: .......... done
[90/92] Upgrading syslog-ng from 4.10.2 to 4.11.0_1...
[90/92] Extracting syslog-ng-4.11.0_1: .......... done
[91/92] Reinstalling unbound-1.24.2_1...
===> Creating groups
Using existing group 'unbound'
===> Creating users
Using existing user 'unbound'
[91/92] Extracting unbound-1.24.2_1: .......... done
[92/92] Installing opnsense-26.1.5...
[92/92] Extracting opnsense-26.1.5: .......... done
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh.sh'
Migrated OPNsense\Dnsmasq\Dnsmasq from 1.0.8 to 1.0.9
Migrated OPNsense\Unbound\Unbound from 1.0.13 to 1.0.14
Migrated OPNsense\Kea\KeaDdns from 0.0.0 to 1.0.0
Flushing all caches...done.
Writing firmware settings: FreeBSD OPNsense
Writing trust files...done.
Scanning /usr/share/certs/untrusted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
certctl: No changes to trust store were made.
Writing trust bundles...done.
Configuring login behaviour...done.
Configuring cron...done.
Configuring system logging...done.
==> Running trigger: glib-schemas.ucl
Compiling glib schemas
No schema files found: doing nothing.
==> Running trigger: gio-modules.ucl
Generating GIO modules cache
You may need to manually remove /usr/local/etc/dnscrypt-proxy/dnscrypt-proxy.toml if it is no longer needed.
=====
Message from python313-3.13.12:

--
Note that some standard Python modules are provided as separate ports
as they require additional dependencies. They are available as:

py313-gdbm       databases/py-gdbm@py313
py313-sqlite3    databases/py-sqlite3@py313
py313-tkinter    x11-toolkits/py-tkinter@py313
=====
Message from py313-urllib3-2.6.3,1:

--
Since version 1.25 HTTPS connections are now verified by default which is done
via "cert_reqs = 'CERT_REQUIRED'".  While certificate verification can be
disabled via "cert_reqs = 'CERT_NONE'", it's highly recommended to leave it on.

Various consumers of net/py-urllib3 already have implemented routines that
either explicitly enable or disable HTTPS certificate verification (e.g. via
configuration settings, CLI arguments, etc.).

Yet it may happen that there are still some consumers which don't explicitly
enable/disable certificate verification for HTTPS connections which could then
lead to errors (as is often the case with self-signed certificates).

In case of an error one should try first to temporarily disable certificate
verification of the problematic urllib3 consumer to see if that approach will
remedy the issue.
You may need to manually remove /usr/local/etc/dnsmasq.conf if it is no longer needed.
=====
Message from dnsmasq-2.92_2,1:

--
To enable dnsmasq, edit /usr/local/etc/dnsmasq.conf and
set dnsmasq_enable="YES" in /etc/rc.conf[.local]

Further options and actions are documented inside
/usr/local/etc/rc.d/dnsmasq


NOTE: when using dnssec, inaccurate system clocks
can cause DNS resolution to fail
because DNSSEC signatures may then not validate.


SECURITY RECOMMENDATION
~~~~~~~~~~~~~~~~~~~~~~~
It is recommended to enable the wpad-related options
at the end of the configuration file (you may need to
copy them from the example file to yours) to fix
CERT Vulnerability VU#598349.
You may need to manually remove /usr/local/etc/kea/kea-ctrl-agent.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/kea/kea-dhcp4.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/kea/keactrl.conf if it is no longer needed.
=====
Message from py313-pandas-2.3.3,1:

--
Install math/py-statsmodels to enable parts of pandas.stats.
Install devel/py-xarray to enable the to_xarray() function.
=====
Message from strongswan-6.0.4:

--
The default strongSwan configuration interface have been updated to vici.
To use the stroke interface by default either compile the port without the vici option or
set 'strongswan_interface="stroke"' in your rc.conf file.
You may need to manually remove /usr/local/etc/suricata/classification.config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/reference.config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/suricata.yaml if it is no longer needed.
You may need to manually remove /usr/local/etc/syslog-ng.conf if it is no longer needed.
=====
Message from opnsense-26.1.5:

--
One step ahead, one step behind it, now you gotta run to get even
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 37 packages:

Installed packages to be REMOVED:
py311-anyio: 4.12.1
py311-async_generator: 1.10_1
py311-attrs: 25.4.0
py311-certifi: 2026.1.4
py311-cffi: 2.0.0
py311-cryptography: 46.0.4,1
py311-h11: 0.16.0
py311-h2: 4.1.0_1
py311-hpack: 4.0.0_1
py311-httpcore: 1.0.9
py311-hyperframe: 6.0.0_1
py311-idna: 3.11
py311-ldap3: 2.9.1_1
py311-markupsafe: 3.0.3
py311-outcome: 1.3.0_2
py311-packaging: 26.0
py311-pyasn1: 0.6.0
py311-pycparser: 2.23
py311-pylsqpack: 0.3.23
py311-pyopenssl: 25.3.0_1,1
py311-pysocks: 1.7.1_1
py311-python-dateutil: 2.9.0
py311-pytz: 2025.2_1,1
py311-pyyaml: 6.0.3
py311-six: 1.17.0
py311-sniffio: 1.3.1
py311-socksio: 1.0.0_1
py311-sortedcontainers: 2.4.0_1
py311-sqlite3: 3.11.14_11
py311-trio: 0.32.0
py311-truststore: 0.10.4
py311-typing-extensions: 4.15.0
py311-tzdata: 2025.3
py311-ujson: 5.11.0
py311-urllib3: 2.6.3,1
py311-vici: 6.0.3
python311: 3.11.14_2

Number of packages to be removed: 37

The operation will free 242 MiB.
[1/37] Deinstalling py311-anyio-4.12.1...
[1/37] Deleting files for py311-anyio-4.12.1: .......... done
[2/37] Deinstalling py311-async_generator-1.10_1...
[2/37] Deleting files for py311-async_generator-1.10_1: .......... done
[3/37] Deinstalling py311-attrs-25.4.0...
[3/37] Deleting files for py311-attrs-25.4.0: .......... done
[4/37] Deinstalling py311-certifi-2026.1.4...
[4/37] Deleting files for py311-certifi-2026.1.4: .......... done
[5/37] Deinstalling py311-cffi-2.0.0...
[5/37] Deleting files for py311-cffi-2.0.0: .......... done
[6/37] Deinstalling py311-cryptography-46.0.4,1...
[6/37] Deleting files for py311-cryptography-46.0.4,1: .......... done
[7/37] Deinstalling py311-h11-0.16.0...
[7/37] Deleting files for py311-h11-0.16.0: .......... done
[8/37] Deinstalling py311-h2-4.1.0_1...
[8/37] Deleting files for py311-h2-4.1.0_1: .......... done
[9/37] Deinstalling py311-hpack-4.0.0_1...
[9/37] Deleting files for py311-hpack-4.0.0_1: .......... done
[10/37] Deinstalling py311-httpcore-1.0.9...
[10/37] Deleting files for py311-httpcore-1.0.9: .......... done
[11/37] Deinstalling py311-hyperframe-6.0.0_1...
[11/37] Deleting files for py311-hyperframe-6.0.0_1: .......... done
[12/37] Deinstalling py311-idna-3.11...
[12/37] Deleting files for py311-idna-3.11: .......... done
[13/37] Deinstalling py311-ldap3-2.9.1_1...
[13/37] Deleting files for py311-ldap3-2.9.1_1: .......... done
[14/37] Deinstalling py311-markupsafe-3.0.3...
[14/37] Deleting files for py311-markupsafe-3.0.3: .......... done
[15/37] Deinstalling py311-outcome-1.3.0_2...
[15/37] Deleting files for py311-outcome-1.3.0_2: .......... done
[16/37] Deinstalling py311-packaging-26.0...
[16/37] Deleting files for py311-packaging-26.0: .......... done
[17/37] Deinstalling py311-pyasn1-0.6.0...
[17/37] Deleting files for py311-pyasn1-0.6.0: .......... done
[18/37] Deinstalling py311-pycparser-2.23...
[18/37] Deleting files for py311-pycparser-2.23: .......... done
[19/37] Deinstalling py311-pylsqpack-0.3.23...
[19/37] Deleting files for py311-pylsqpack-0.3.23: .......... done
[20/37] Deinstalling py311-pyopenssl-25.3.0_1,1...
[20/37] Deleting files for py311-pyopenssl-25.3.0_1,1: .......... done
[21/37] Deinstalling py311-pysocks-1.7.1_1...
[21/37] Deleting files for py311-pysocks-1.7.1_1: .......... done
[22/37] Deinstalling py311-python-dateutil-2.9.0...
[22/37] Deleting files for py311-python-dateutil-2.9.0: .......... done
[23/37] Deinstalling py311-pytz-2025.2_1,1...
[23/37] Deleting files for py311-pytz-2025.2_1,1: .......... done
[24/37] Deinstalling py311-pyyaml-6.0.3...
[24/37] Deleting files for py311-pyyaml-6.0.3: .......... done
[25/37] Deinstalling py311-six-1.17.0...
[25/37] Deleting files for py311-six-1.17.0: .......... done
[26/37] Deinstalling py311-sniffio-1.3.1...
[26/37] Deleting files for py311-sniffio-1.3.1: .......... done
[27/37] Deinstalling py311-socksio-1.0.0_1...
[27/37] Deleting files for py311-socksio-1.0.0_1: .......... done
[28/37] Deinstalling py311-sortedcontainers-2.4.0_1...
[28/37] Deleting files for py311-sortedcontainers-2.4.0_1: .......... done
[29/37] Deinstalling py311-sqlite3-3.11.14_11...
[29/37] Deleting files for py311-sqlite3-3.11.14_11: ......... done
[30/37] Deinstalling py311-trio-0.32.0...
[30/37] Deleting files for py311-trio-0.32.0: .......... done
[31/37] Deinstalling py311-truststore-0.10.4...
[31/37] Deleting files for py311-truststore-0.10.4: .......... done
[32/37] Deinstalling py311-typing-extensions-4.15.0...
[32/37] Deleting files for py311-typing-extensions-4.15.0: .......... done
[33/37] Deinstalling py311-tzdata-2025.3...
[33/37] Deleting files for py311-tzdata-2025.3: .......... done
[34/37] Deinstalling py311-ujson-5.11.0...
[34/37] Deleting files for py311-ujson-5.11.0: .......... done
[35/37] Deinstalling py311-urllib3-2.6.3,1...
[35/37] Deleting files for py311-urllib3-2.6.3,1: .......... done
[36/37] Deinstalling py311-vici-6.0.3...
[36/37] Deleting files for py311-vici-6.0.3: .......... done
[37/37] Deinstalling python311-3.11.14_2...
[37/37] Deleting files for python311-3.11.14_2: .......... done
Checking all packages: .......... done
The following package files will be deleted:
/var/cache/pkg/py313-bottleneck-1.6.0.pkg
/var/cache/pkg/opnsense-installer-25.1_2.pkg
/var/cache/pkg/py313-pycparser-2.23~72bc3c468b.pkg
/var/cache/pkg/py313-urllib3-2.6.3,1.pkg
/var/cache/pkg/py313-charset-normalizer-3.4.4.pkg
/var/cache/pkg/py313-aioquic-1.3.0_1~3b8d37f029.pkg
/var/cache/pkg/py313-sortedcontainers-2.4.0_1.pkg
/var/cache/pkg/py313-httpcore-1.0.9~18a2c145ac.pkg
/var/cache/pkg/openldap26-client-2.6.13.pkg
/var/cache/pkg/py313-async_generator-1.10_1~a403c531ab.pkg
/var/cache/pkg/py313-outcome-1.3.0_2.pkg
/var/cache/pkg/kea-3.0.2_2~61a8f8f4c4.pkg
/var/cache/pkg/py313-pylsqpack-0.3.23~28c9f088d7.pkg
/var/cache/pkg/py313-pyyaml-6.0.3~4b9e150c4c.pkg
/var/cache/pkg/py313-sqlite3-3.13.12_10.pkg
/var/cache/pkg/py313-Babel-2.18.0~1b1468eecc.pkg
/var/cache/pkg/py313-pyasn1-0.6.0~3b5a63e358.pkg
/var/cache/pkg/py313-sniffio-1.3.1~c0458a8903.pkg
/var/cache/pkg/opnsense-lang-26.1.4~ded37abf90.pkg
/var/cache/pkg/py313-duckdb-1.5.0~4533c14a40.pkg
/var/cache/pkg/colordiff-1.0.22~91a85e9f3a.pkg
/var/cache/pkg/py313-idna-3.11~6ecb7abb20.pkg
/var/cache/pkg/py313-trio-0.33.0.pkg
/var/cache/pkg/py313-outcome-1.3.0_2~9a00a638bb.pkg
/var/cache/pkg/py313-hyperframe-6.0.0_1.pkg
/var/cache/pkg/py313-trio-0.33.0~0fce283ee6.pkg
/var/cache/pkg/py313-python-dateutil-2.9.0.pkg
/var/cache/pkg/smartmontools-7.5_2~d5da783b33.pkg
/var/cache/pkg/py313-pysocks-1.7.1_1.pkg
/var/cache/pkg/py313-pyasn1-modules-0.4.1.pkg
/var/cache/pkg/py313-Babel-2.18.0.pkg
/var/cache/pkg/py313-cffi-2.0.0~e342885c35.pkg
/var/cache/pkg/py313-certifi-2026.1.4~ba4ac7f9eb.pkg
/var/cache/pkg/os-wol-2.5_4.pkg
/var/cache/pkg/py313-pyopenssl-25.3.0_1,1.pkg
/var/cache/pkg/py313-pylsqpack-0.3.23.pkg
/var/cache/pkg/py313-jq-1.11.0~d9973bd12b.pkg
/var/cache/pkg/py313-httpx-0.28.1_1~185232144c.pkg
/var/cache/pkg/py313-jq-1.11.0.pkg
/var/cache/pkg/py313-sortedcontainers-2.4.0_1~d71cd16807.pkg
/var/cache/pkg/py313-ldap3-2.9.1_1.pkg
/var/cache/pkg/perl5-5.42.1~fe2731aff1.pkg
/var/cache/pkg/py313-six-1.17.0~75d9a7a710.pkg
/var/cache/pkg/py313-httpcore-1.0.9.pkg
/var/cache/pkg/py313-tzdata-2025.3.pkg
/var/cache/pkg/py313-duckdb-1.5.0.pkg
/var/cache/pkg/libunistring-1.4.2.pkg
/var/cache/pkg/strongswan-6.0.4~92e92924b6.pkg
/var/cache/pkg/py313-numpy-1.26.4_12,1~56ee32916f.pkg
/var/cache/pkg/glib-2.84.4,2~c24f9ca00e.pkg
/var/cache/pkg/py313-numpy-1.26.4_12,1.pkg
/var/cache/pkg/py313-service-identity-24.2.0.pkg
/var/cache/pkg/suricata-8.0.4~409bb3de25.pkg
/var/cache/pkg/opnsense-26.1.5~3516896624.pkg
/var/cache/pkg/dnsmasq-2.92_2,1~39395cfc2c.pkg
/var/cache/pkg/py313-pytz-2025.2_1,1.pkg
/var/cache/pkg/suricata-8.0.4.pkg
/var/cache/pkg/py313-ujson-5.12.0.pkg
/var/cache/pkg/py313-pandas-2.3.3,1.pkg
/var/cache/pkg/php83-phpseclib-3.0.50~1aa1795ac6.pkg
/var/cache/pkg/py313-pyopenssl-25.3.0_1,1~0adce30e4d.pkg
/var/cache/pkg/opnsense-installer-25.1_2~59696abb97.pkg
/var/cache/pkg/python313-3.13.12~ac9e7567e9.pkg
/var/cache/pkg/dnsmasq-2.92_2,1.pkg
/var/cache/pkg/libxml2-2.15.2.pkg
/var/cache/pkg/unbound-1.24.2_1~32dd170376.pkg
/var/cache/pkg/py313-urllib3-2.6.3,1~7954ad1106.pkg
/var/cache/pkg/py313-async_generator-1.10_1.pkg
/var/cache/pkg/os-q-feeds-connector-1.5_1.pkg
/var/cache/pkg/py313-requests-2.32.5~cc8d59e4e2.pkg
/var/cache/pkg/py313-dnspython-2.8.0_1,1~83ccc7f517.pkg
/var/cache/pkg/py313-cryptography-46.0.5,1.pkg
/var/cache/pkg/py313-hpack-4.0.0_1~216389cdf3.pkg
/var/cache/pkg/os-q-feeds-connector-1.5_1~be3c0b28ed.pkg
/var/cache/pkg/py313-socksio-1.0.0_1~1321038e12.pkg
/var/cache/pkg/strongswan-6.0.4.pkg
/var/cache/pkg/py313-packaging-26.0.pkg
/var/cache/pkg/py313-pandas-2.3.3,1~18e3e2fcb0.pkg
/var/cache/pkg/colordiff-1.0.22.pkg
/var/cache/pkg/py313-hyperframe-6.0.0_1~f9ca182372.pkg
/var/cache/pkg/py313-aioquic-1.3.0_1.pkg
/var/cache/pkg/smartmontools-7.5_2.pkg
/var/cache/pkg/py313-ujson-5.12.0~f0a733ba53.pkg
/var/cache/pkg/python313-3.13.12.pkg
/var/cache/pkg/syslog-ng-4.11.0_1~346d0ecd76.pkg
/var/cache/pkg/py313-h11-0.16.0.pkg
/var/cache/pkg/py313-idna-3.11.pkg
/var/cache/pkg/py313-Jinja2-3.1.6.pkg
/var/cache/pkg/py313-certifi-2026.1.4.pkg
/var/cache/pkg/py313-attrs-25.4.0~f19e2571da.pkg
/var/cache/pkg/py313-six-1.17.0.pkg
/var/cache/pkg/py313-packaging-26.0~c16b3e699d.pkg
/var/cache/pkg/py313-pyasn1-modules-0.4.1~1bda180479.pkg
/var/cache/pkg/libucl-0.9.4~8d9c861264.pkg
/var/cache/pkg/py313-vici-6.0.3.pkg
/var/cache/pkg/py313-requests-2.32.5.pkg
/var/cache/pkg/py313-pyyaml-6.0.3.pkg
/var/cache/pkg/py313-socksio-1.0.0_1.pkg
/var/cache/pkg/py313-h2-4.1.0_1~f32942f580.pkg
/var/cache/pkg/opnsense-26.1.5.pkg
/var/cache/pkg/py313-h2-4.1.0_1.pkg
/var/cache/pkg/libxml2-2.15.2~25e696188c.pkg
/var/cache/pkg/opnsense-lang-26.1.4.pkg
/var/cache/pkg/py313-ldap3-2.9.1_1~9bb795f169.pkg
/var/cache/pkg/py313-python-dateutil-2.9.0~f9dbc48810.pkg
/var/cache/pkg/syslog-ng-4.11.0_1.pkg
/var/cache/pkg/py313-service-identity-24.2.0~3337ca8112.pkg
/var/cache/pkg/py313-attrs-25.4.0.pkg
/var/cache/pkg/dnscrypt-proxy2-2.1.15_1.pkg
/var/cache/pkg/kea-3.0.2_2.pkg
/var/cache/pkg/unbound-1.24.2_1.pkg
/var/cache/pkg/py313-markupsafe-3.0.3~7083fa7e47.pkg
/var/cache/pkg/py313-charset-normalizer-3.4.4~7a63c240e4.pkg
/var/cache/pkg/py313-pyasn1-0.6.0.pkg
/var/cache/pkg/opnsense-update-26.1.3~ffbfb8617a.pkg
/var/cache/pkg/py313-bottleneck-1.6.0~b6e2c23d98.pkg
/var/cache/pkg/opnsense-update-26.1.3.pkg
/var/cache/pkg/dnscrypt-proxy2-2.1.15_1~19475a1a30.pkg
/var/cache/pkg/py313-vici-6.0.3~72f5ae3ce7.pkg
/var/cache/pkg/os-isc-dhcp-1.0_4~1217618794.pkg
/var/cache/pkg/glib-2.84.4,2.pkg
/var/cache/pkg/py313-pytz-2025.2_1,1~6e9552c0c3.pkg
/var/cache/pkg/py313-dnspython-2.8.0_1,1.pkg
/var/cache/pkg/perl5-5.42.1.pkg
/var/cache/pkg/py313-anyio-4.12.1~28b86a30c7.pkg
/var/cache/pkg/os-isc-dhcp-1.0_4.pkg
/var/cache/pkg/py313-pycparser-2.23.pkg
/var/cache/pkg/jansson-2.15.0~a8c00b11ed.pkg
/var/cache/pkg/py313-sniffio-1.3.1.pkg
/var/cache/pkg/os-wol-2.5_4~b4eb99d12a.pkg
/var/cache/pkg/py313-tzdata-2025.3~a7aa5f3bd8.pkg
/var/cache/pkg/nss-3.121~cef5f11e46.pkg
/var/cache/pkg/py313-numexpr-2.14.1~eecd1b1d93.pkg
/var/cache/pkg/py313-sqlite3-3.13.12_10~9dba18b366.pkg
/var/cache/pkg/py313-numexpr-2.14.1.pkg
/var/cache/pkg/py313-truststore-0.10.4~a317c19826.pkg
/var/cache/pkg/libunistring-1.4.2~07744615fd.pkg
/var/cache/pkg/py313-hpack-4.0.0_1.pkg
/var/cache/pkg/php83-phpseclib-3.0.50.pkg
/var/cache/pkg/py313-anyio-4.12.1.pkg
/var/cache/pkg/py313-h11-0.16.0~23e77630e6.pkg
/var/cache/pkg/py313-cffi-2.0.0.pkg
/var/cache/pkg/py313-pysocks-1.7.1_1~fb31bf5b0e.pkg
/var/cache/pkg/jansson-2.15.0.pkg
/var/cache/pkg/py313-truststore-0.10.4.pkg
/var/cache/pkg/openldap26-client-2.6.13~1fba0baae5.pkg
/var/cache/pkg/py313-httpx-0.28.1_1.pkg
/var/cache/pkg/py313-markupsafe-3.0.3.pkg
/var/cache/pkg/nss-3.121.pkg
/var/cache/pkg/py313-cryptography-46.0.5,1~b921ba1247.pkg
/var/cache/pkg/libucl-0.9.4.pkg
/var/cache/pkg/py313-Jinja2-3.1.6~5c1aafa9aa.pkg
The cleanup will free 148 MiB
Deleting files: .......... done
Nothing to do.
Starting web GUI...done.
Fetching base-26.1.3-amd64.txz: ......................... done
Fetching kernel-26.1.3-amd64.txz: ........ done
!!!!!!!!!!!! ATTENTION !!!!!!!!!!!!!!!
! A critical upgrade is in progress. !
! Please do not turn off the system. !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Installing kernel-26.1.3-amd64.txz...

It's missing some lines because the screen will be locked with the reboot message when finished.

Otherwise everything is working fine, I just would like to know what the problem was.
#9
26.1, 26,4 Series / Re: cloudflare blocklist
March 20, 2026, 06:46:15 PM
As far as I know Cloudflare does not publish their blocklists.

Just use their Family DNS servers and you will have a blocklist for malware and adult content.

https://developers.cloudflare.com/1.1.1.1/ip-addresses/
#10
26.1, 26,4 Series / Re: Rule or alias not matching
March 11, 2026, 07:04:35 PM
Occam's razor: If you didn't change anything in the firewall or update it then the firewall can't be the source of your problem.

By the way can you show the definition of your rfc5735 alias?
#11
26.1, 26,4 Series / Re: Upgrade went wrong
March 09, 2026, 09:20:27 PM
Quote from: ezhik on March 06, 2026, 10:41:15 PMOne step ahead, one step behind it, now you gotta run to get even

That's it, too much Van Halen broke the system. :D
#12
@franco The documentation only explains processing order but not application order of the rules.

Can you confirm that this application order is correct?

You cannot view this attachment.

The graphic is from the last post of this thread: https://www.reddit.com/r/opnsense/comments/11et0b1/help_understanding_firewall_quick_and_nonquick/
#13
Quote from: franco on March 06, 2026, 09:24:08 AMBoth can and will be used.

But according to the processing order the old rules are effectively never reached if the new rules are also "First match" which is probably 99.9% of all rules (except for floating and group rules). So because everything is working fine I'm safe to delete the old ones.

The only thing bothering me now is the very laggy loading of the new rules. I have a very slow system - Biostar A68N-2100K. :)

You probably don't notice it on a fast system.

By the way what is the priority for these?

Quote2. Firewall ‣ Rules [new] and Firewall ‣ Rules floating rules
3. Firewall ‣ Rules [new] and Firewall ‣ Rules group rules

They can't really be on the same level, I see that my old floating rules are before the new single interface rules, so the list should have more numbers?

Edit: Nvm I overlooked that 2. is both floating rules, in that case the new floating rules don't even exist, so there can't be a priority issue.
#14
Yes, automatic rules are shown under "👁 Inspect".

But if old floating rules that only used 1 interface are no longer displayed why do they appear under "All rules" with the red layer icon if you inspect them?

Also if you inspect the rules in "All rules" they are listed as follows:

1. Automatic Rules
2. Floating Rules
3. Interface Rules (I guess in a-Z order) with checkboxes to enable/disable
4. Interface Rules again (from the legacy rules)

This was very confusing at first but I just noticed that the duplicates are actually the old rules that I didn't delete yet. So I just answered my own question again. ^^

I guess the old rules are active until you delete them and then the new ones take over?
#15
German - Deutsch / Re: DSL Zwangstrennung verschieben
February 28, 2026, 09:43:21 AM
Quote from: k0ns0l3 on February 26, 2026, 05:16:59 AMIst eine tägliche Zwangstrennung eines DSL-Anschlusses notwendig ?

Der Sinn einer Zwangstrennung ist ja, dass du deinen Privatanschluss nicht für gewerbliche Server verwendest, weil du immer die gleiche IP hast. Es ist also nicht technisch notwendig, aber wirtschaftlich vom Provider aus gesehen schon. ☺️