Messages - mooh

#1
Checking out on shop.opnsense.com, one can add a coupon code. I would ask sales to provide one for the remaining runtime of the current license.
#2
Thanks for your work! So the problem is exactly what I expected it to be, the relation between rule and event is lost somehow. But then again, I don't understand why the rid shown in the i-button dialog is correct, but following the link brings up nothing.

Anyway, it is not a pressing problem for me or I would have seen it years ago. Still, it doesn't feel right since the indication is that there is a rule without label when in fact it is only the logging flag being turned off.
#3
Can't contribute to the solution but I'd like to add an observation that may be relevant here. I have a guest WiFi network in one location blocking all local traffic, only allowing access to the internet. When logging of the rule is on, I see traffic directed at private addresses that match the address ranges used in another location I'm frequently at. As it turns out, the traffic is caused by Apple devices that somehow fail to realise that they are in a different network and location. I haven't dug into it any further. For now, I just turned logging off.

Port 7000 happens to be used by Apple Airplay but I cannot explain how this matches the "let out anything from the firewall host itself" rule.
#4
Quote from: franco on June 26, 2026, 06:48:11 AM
> And is there an apply happening in this flow as well? Are you waiting to reopen the live log until this particular apply for the rules is complete?
Sorry for the late reply. Yes, I did it all sequentially and waited for the apply to complete.
#5
26.1, 26.4 Series / Problem with Firewall Live View
June 25, 2026, 06:45:55 PM
Turning off the logging of a firewall rule, the Live View still shows events caused by it but leaves the Label field empty. Additionally, when clicking on the i button of that event, followed by clicking the rid, the rule isn't found. The browser will open an empty new frame/window and close it immediately instead of showing the relevant rule editing dialog. It looks like the association between log file entry and firewall rule only exists while logging is turned on. I hope this is only a cosmetic error.
#6
Thanks Franco! I'm still using os-isc-dhcp.
#7
While updating, a fatal error message flashed by. The good news is that the system seems to run fine. I have attached the output of opnsense-update -g and -G

Oh, and btw what is this easyrsa weak encryption stuff about?
#8
Thanks for your support. I believe the "iCloud not working" report and the observation made in the firewall log at that time are just a coincidence. The device trying to close the connection is a HomePod Mini. I need to find out what exactly didn't work.
#9
Thanks a lot for your suggestion. I just got myself a refresher on TCP flags...

The flags in the logs seem to support the theory that the pass rule didn't apply because the connection state was lost. The green lines in the log have state SEC, followed by the sequence of default block messages with flags FPA, except the last one with flags RA. If my understanding is correct, this indicates that the client wanted to shut down the connection for a while, not getting anywhere and finally giving up with a reset.

Is there a way to see why a firewall state may expire while a client still thinks it is active? I'm pretty sure it's not because the firewall states were exhausted. Currently, it only uses ~500 of ~800000 and I don't see why the load could have been that much larger earlier on.
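The flag sequence described in the post above (pass events, then default-rule blocks with FPA, then a final RA) is the signature of a stateful firewall dropping the teardown of a connection it no longer tracks. The following added example, which is not code from the thread or from the OPNsense project, decodes pf's single-letter TCP flag codes and scans a small set of constructed log lines (a simplified, invented format, not OPNsense's filterlog output) for flows where block events carry FIN or RST after the same flow was earlier passed. Rule labels, ports and the 10.0.1.x / 203.0.113.x addresses are constructed; 17.145.16.2:443 is the address quoted in this thread.

```python
import re
from collections import defaultdict

# Meaning of pf's single-letter TCP flag codes as they appear in firewall logs
# (S=SYN, A=ACK, F=FIN, R=RST, P=PSH, U=URG, E=ECE, W=CWR).
PF_TCP_FLAGS = {
    "S": "SYN", "A": "ACK", "F": "FIN", "R": "RST",
    "P": "PSH", "U": "URG", "E": "ECE", "W": "CWR",
}

# Constructed sample log lines (invented simplified format, not real OPNsense
# output): "<seq> <action> <rule-label> <src> -> <dst> flags=<letters>".
SAMPLE_LOG = """\
1 pass  allow-out    10.0.1.20:52000 -> 17.145.16.2:443 flags=S
2 pass  allow-out    10.0.1.20:52000 -> 17.145.16.2:443 flags=PA
3 block default-deny 10.0.1.20:52000 -> 17.145.16.2:443 flags=FPA
4 block default-deny 10.0.1.20:52000 -> 17.145.16.2:443 flags=FPA
5 block default-deny 10.0.1.20:52000 -> 17.145.16.2:443 flags=RA
6 pass  allow-out    10.0.1.21:43000 -> 203.0.113.5:443 flags=S
7 pass  allow-out    10.0.1.21:43000 -> 203.0.113.5:443 flags=FA
"""

LINE_RE = re.compile(
    r"^(\d+)\s+(pass|block)\s+(\S+)\s+(\S+) -> (\S+) flags=([A-Z]*)$"
)


def decode_flags(letters):
    """Expand a pf flag string such as 'FPA' into ['FIN', 'PSH', 'ACK']."""
    unknown = [c for c in letters if c not in PF_TCP_FLAGS]
    if unknown:
        raise ValueError(f"unknown pf flag code(s): {unknown}")
    return [PF_TCP_FLAGS[c] for c in letters]


def parse_log(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the constructed format
        seq, action, label, src, dst, flags = m.groups()
        events.append({
            "seq": int(seq), "action": action, "label": label,
            "src": src, "dst": dst, "flags": decode_flags(flags),
        })
    return events


def find_lost_state_flows(events):
    """Return flows whose teardown (FIN/RST) hit a block rule after the same
    flow had been passed: the classic sign that the firewall state expired or
    was lost while the client still considered the connection open."""
    by_flow = defaultdict(list)
    for e in events:
        by_flow[(e["src"], e["dst"])].append(e)

    findings = []
    for flow, evs in by_flow.items():
        if not any(e["action"] == "pass" for e in evs):
            continue  # never passed: an ordinary block, not a lost state
        blocked = [e for e in evs if e["action"] == "block"]
        teardown = [e for e in blocked if {"FIN", "RST"} & set(e["flags"])]
        if not teardown:
            continue
        findings.append({
            "flow": flow,
            "blocked_fin": sum("FIN" in e["flags"] for e in teardown),
            "blocked_rst": sum("RST" in e["flags"] for e in teardown),
            "first_block_seq": min(e["seq"] for e in blocked),
            # a final RST means the client gave up on the half-closed connection
            "ends_with_reset": "RST" in teardown[-1]["flags"],
        })
    return findings


if __name__ == "__main__":
    for f in find_lost_state_flows(parse_log(SAMPLE_LOG)):
        print(f)
```

Only the 10.0.1.20 flow is reported: it was passed, then two FIN/PSH/ACK segments and a final RST/ACK were caught by the default block rule, while the 10.0.1.21 flow closes cleanly under the pass rule and is ignored. Running the same grouping over the real live-view export separates "state lost while the client was still active" cases from unrelated block noise.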
#10
The rules
#11
I have a network that's supposed to have unrestricted IPv4 internet access. The rule set has worked fine for years. Today, I was made aware that some Apple iCloud service seems to be broken. Sure enough, with global logging on, I saw that connections to 17.145.16.2:443 were blocked by the default rule. While scratching my head trying to find out what went wrong, I saw that the pass rule kicked in again without any intervention.

The screenshot shows 2 source devices, but the pass rule doesn't care about the source address. No one else had access to the firewall.

What could possibly be the reason for this behaviour?

System is OPNsense 26.4_14-amd64
#12
Quote from: Patrick M. Hausen on May 26, 2026, 04:02:40 PM
> OPNsense business editions are released in April and October.
Isn't the business edition always based on the preceding community edition? Say, the CE doesn't adopt FreeBSD 15.1 in July, then the BE won't be based on it either, right?
#13
Thank you very much for answering at this time of day!
#14
Just saw this update without announcement here. Is it legitimate? How to check the validity of plugin updates?
#15
Quote from: opnseeker on May 19, 2026, 03:31:04 PM
> I have one NIC for LAN and one for WAN on the mini PC I am using. So, I unfortunately cannot separate tagged and untagged networks.
This can be solved by making all local network VLANs and not configuring the physical interface.