Messages - ak888

#1
I have a 'ban'/block alias in OPNsense to block IP addresses. This alias is managed via Fail2Ban, where I use a script to call the OPNsense WebAPI to add or delete from an alias. Each time the configuration changes from this, I can see a config backup is created.

Is there a way to execute a change to the alias but not have OPNsense automatically create a configuration backup XML file?
#2
I tried to specify a different dhcp-lease-time value in the latest version of opnsense. (Found referenced here https://forum.opnsense.org/index.php?topic=20323.0)

This is what I put in the Option Modifiers on the WAN interface under Advanced.

supersede dhcp-lease-time 86400

Enabled and disabled the WAN interface to attempt to pick up the value. When I cat the file /var/db/dhclient.leases.re1 I get (re1 is the WAN interface)


  ...
  option dhcp-lease-time 3600;
  option dhcp-message-type 5;
  ...


I expected my override value to be specified?
#3
Thanks - that pointed me to the right direction.
Can only think of putting 0.0.0.0 into bind hosts, which will bind all interfaces. Did this because if the WAN address changes, track interface will change the LAN address.

But it does mean all interfaces are bound. Guess I need a port block on WAN for port 53? Or are there any other implications?
#4
Starting out with ipv6. I have been running AGH on port 53 and Unbound upstream on port 8853. This works great on ipv4. Trying out ipv6 and on the LAN I have the track interface.

When I run dig from a client and specify the LAN IPv6 address on 53, I get a timed out error and no reply. If I specify port 8853 for Unbound with the IPv6 address, this works fine. It seems AGH isn't listening on the LAN IPv6 address. Is there any way to set this up? I can't find anything for this.