Messages - vk2him

#1
Quote from: DEC740airp414user on March 11, 2026, 11:00:54 PM
you mean unbound- advanced area correct?

No - I mean within the Security --> Q-feeds Connect --> Events tab

That's what you posted in your first screenshot?
#2
Quote from: DEC740airp414user on March 11, 2026, 11:00:54 PM
Should events be populating?

Do you have logging enabled? If I turn off logging, then I don't see any events in that tab just like you, even though the number in the widget increases. I normally have logging off to prevent wear on my eMMC memory, which is where the logs are written on my Protectli host.
#3
26.1 Series / Strange IPv6 WAN issue - corrupt config??
February 20, 2026, 08:20:23 AM
I had a faulty HDD on my OPNSense device a few weeks ago that was reporting many errors. I did a config backup, then replaced the faulty drive and reinstalled opnsense and restored the old config. This was on the 25.x firmware just before 26.1 was released.

I then started to have regular IPv6 WAN problems where it seems the DHCP lease isn't being renewed at the ISP side, so IPv6 WAN goes down.

Software reboot doesn't fix it, in fact it doesn't get any IP4 or 6 address after a soft reboot. The only (temporary) fix is a hard power cycle.

I've tried swapping the WAN port to a different NIC but no difference is seen.

I upgraded to 26.1 with no errors, however the IPv6 drops still occur.

I'm wondering if the config is somehow corrupt from the HDD errors, but if so why would it work for days and then fail?

Does anyone have any suggestions please?
#4
Quote from: trdeal on February 05, 2026, 11:08:59 AM
the firewall itself is not honouring the MTU/MSS settings on the WAN interface and is thus failing in its IPv6 connectivity.

Have you tried deleting the MSS and MTU settings you manually entered? My settings have nothing in the values for MSS/MTU in the WAN config and my Connectivity Audit doesn't fail
#5
26.1 Series / No WAN after Upgrade from 26.1 _4 to 26.1.1
February 05, 2026, 08:07:39 AM
I had no issues when upgrading from 25.7.11 -> 26.1 -> 26.1_4, however after upgrading today to 26.1.1, I had no WAN IPv4 connection.

A software restart via GUI didn't resolve, in fact after the restart many services were not running as could be seen in the Dashboard widget.

I then tried to physically power off my machine (Protectli 2410) and noticed it was extremely hot and it didn't respond to my pressing the power on/off button.

After I pulled the power cable and reinserted it, the system rebooted and everything came up OK including WAN etc. and the temperature went back down to normal levels

Very strange, I've never experienced that before.
#6
Quote from: Q-Feeds on January 31, 2026, 11:07:50 PM
This doesn't seem to be related to the Q-Feeds Plugin since you're using AGH. As your screenshot shows it perfectly pulls in the domains? If you try to reach 'cherrypharm.com' (just checked, still in the domains list), can you see any DNS requests for that domain in AGH?

Yes, you're correct - after a bit more checking, it seems the Warning for that website was generated by my browser natively, or via an add-in (Brave) - I could see within the AGH log that it actually blocked access. When I tried Safari, I didn't get the warning as it must not have the same website checking, and again AGH blocked it. Sorry for my misunderstanding :)
#7
Quote from: Q-Feeds on January 26, 2026, 06:10:59 PM
All right! Will look into it together with Deciso and get back to you. Thanks for digging into it already, very helpful!

FYI - I'm seeing this issue too, however I'm using the qfeed Domains blocklist only within AGH and not within Unbound. I'm running OPNsense 25.7.11_9-amd64 with AGH set up as the main DNS on port 53, and Unbound is on 5335. Within AGH I have 127.0.0.1:5335 set up as a Private reverse DNS server, and for Local resolution via Unbound on 127.0.0.1:5335 - this has been working well for years.

Blocking of sites on the qfeeds Domains blocklist within AGH worked well previously, however it now seems to have stopped as the example problem URLs posted earlier in this thread are no longer blocked and they display warnings in my browser.

The widget shows the blocked number incrementing as I have the floating rules setup to block the qfeeds IPs which works properly - it's just the Domain blocklist isn't working anymore

edited to add - this is the url added to the AGH Qfeeds Malware Domains shown in the screenshot:
https://api.qfeeds.com/api.php?feed_type=malware_domains&api_token=tip_xxxxxxx


#8
Quote from: Patrick M. Hausen on January 30, 2026, 11:43:18 AM
/boot/efi/efi/freebsd/loader.efi and /boot/efi/efi/boot/bootx64.efi should be identical, although only one will be used. Which one depends on your BIOS and its settings.

I've now ensured that both are identical - I think I should be ok now - thanks for your assistance @Patrick
#9
Quote from: Patrick M. Hausen on January 30, 2026, 11:25:57 AM
ZFS pool upgrades are never applied automatically. You need to explicitly use "zpool upgrade zroot". And if you do this, then remember to also upgrade your boot loader.

As further context to my question, coincidentally today the second of two disks in my ZFS Raid pool died, so rather than replace it, I detached it from the pool and did a zpool update. However I didn't upgrade the boot loader as I overlooked that step :(

I tried to reboot but it failed as it couldn't find a bootable disk, so I booted off USB and copied the loader.efi from the USB to /boot/efi/efi/boot/bootx64.efi - that's probably why that file has today's date.

The pool is showing no errors now:
# zpool status
  pool: zroot
 state: ONLINE
  scan: resilvered 4.26G in 20483 days 03:18:56 with 0 errors on Fri Jan 30 14:19:00 2026
config:

NAME        STATE     READ WRITE CKSUM
zroot       ONLINE       0     0     0
  ada0p4    ONLINE       0     0     0

errors: No known data errors

So I'm now assuming I'll need to copy it to /boot/efi/efi/freebsd/loader.efi as that file is from 2022?



Thanks
#10
Quote from: ProximusAl on January 30, 2026, 08:48:38 AM
With my installs all being ZFS is it still recommended to do this after a major upgrade:

cp /boot/loader.efi /boot/efi/efi/freebsd/loader.efi
cp /boot/loader.efi /boot/efi/efi/boot/bootx64.efi

Sorry to hijack this thread - I just listed these files on my OPNsense 25.7.11_9-amd64 system:

root@OPNsense:~ # ls -l /boot/loader.efi
-r-xr-xr-x  2 root wheel 658944 Jan 13 23:26 /boot/loader.efi
root@OPNsense:~ # ls -l /boot/efi/efi/freebsd/loader.efi
-rwxr-xr-x  1 root wheel 890368 May 31  2022 /boot/efi/efi/freebsd/loader.efi
root@OPNsense:~ # ls -l /boot/efi/efi/boot/bootx64.efi
-rwxr-xr-x  1 root wheel 658944 Jan 30 18:28 /boot/efi/efi/boot/bootx64.efi

Looking at the dates, /boot/efi/efi/freebsd/loader.efi is from 2022 and a different filesize, and the others are the same size but different dates and I assume they are the same file.

Should I copy /boot/loader.efi to /boot/efi/efi/freebsd/loader.efi to fix this? I wonder why I haven't (yet?) seen any issues?

Thanks
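
Added example, not part of the original post: a content comparison of the ESP loader copies against /boot/loader.efi, since matching sizes and differing dates in an `ls -l` listing do not show whether two files are actually identical. It assumes the EFI system partition is mounted at /boot/efi as in the listing above; the function name `check_loader_copies` is made up for this example.

```shell
#!/bin/sh
# Compare each ESP copy of the boot loader against the reference, byte by byte.
# Prints one status line per copy and returns the number of copies that are
# missing or differ from the reference (0 means every copy matches).
check_loader_copies() {
    ref=$1; shift
    stale=0
    if [ ! -r "$ref" ]; then
        echo "reference $ref not readable" >&2
        return 255
    fi
    for copy in "$@"; do
        if [ ! -e "$copy" ]; then
            echo "MISSING  $copy"
            stale=$((stale + 1))
        elif cmp -s "$ref" "$copy"; then
            echo "OK       $copy"
        else
            echo "DIFFERS  $copy"
            stale=$((stale + 1))
        fi
    done
    return "$stale"
}

# Paths as they appear in the listing above; skipped where the reference
# loader is absent (for example when this is run on a non-FreeBSD host).
if [ -r /boot/loader.efi ]; then
    check_loader_copies /boot/loader.efi \
        /boot/efi/efi/freebsd/loader.efi \
        /boot/efi/efi/boot/bootx64.efi || echo "$? loader copy/copies need attention"
fi
```
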
#11
Quote from: adv on January 30, 2026, 01:59:00 AM
Any thoughts on if my router should be accessible via example.com and why I am getting an error?

The help for the setting "Alternate Hostnames" under System > Settings > Administration says this: "Alternate Hostnames for DNS Rebinding and HTTP_REFERER Checks
Here you can specify alternate hostnames by which the router may be queried, to bypass the DNS Rebinding Attack checks. Separate hostnames with spaces."

Perhaps you could enter this in there and see if you still get the error?
example.dyndns.org example.com
#12
Thanks guys for clarifying
#13
Sorry if the following are obvious questions, hopefully someone can clarify please.


  • I'm using native ISC DHCP on 25.7.11_2 and don't intend to migrate (yet) to the alternatives.
    I see the release notes for 26.1 says "ISC-DHCP moves to a plugin. It will be automatically installed during upgrades."

    Does this mean the existing ISC-DHCP configurations for IPv4 and IPv6 will be "imported" into the plugin, so I won't need to do any configuration changes?

  • Regarding the release note comment which seems a bit ambiguous:

    "To accommodate the change away from ISC-DCHP defaults the "Track interface" IPv6 mode now has a sibling called "Identity Association" which does the same except it is not automatically starting ISC-DHCPv6 and Radvd router advertisements to allow better interoperability with Kea and Dnsmasq setups."

    As I'm remaining on ISC-DHCP, will I need to make any changes to "Track interface" as I'll need ISC-DHCPv6 and Radvd to autostart?

Many thanks
#14
Q-Feeds (Threat intelligence) / Re: Bigcommerce problem
November 15, 2025, 03:24:31 AM
I just tested with Wireguard and it does block if you add the Wireguard interface into the two Qfeeds floating rules:

It blocked a known malicious IP on my LAN and Wireguard interfaces:

#15
Q-Feeds (Threat intelligence) / Re: Bigcommerce problem
November 15, 2025, 02:42:42 AM
Quote from: passeri on November 14, 2025, 12:57:25 AM
If I install a VPN on her machine she will probably wind up leaving it on, bypassing Qfeeds

I thought Qfeeds would filter the VPN (if you added within the floating rule) the interface list that currently has WAN?