Messages

Hello,

sorry having a hard time understanding this DIVERT parameter.
So if i set FW rules to allow ports 443/80/5520 and then i create an additional FW rule with the same SRC/DST IP's then the 1ST rule would allow only the traffic on the ports defined and the second would send the traffic to the IPS?
or how is it possible to filter with DIVERT IPS?

as in the pic if i allow the 2 DIVERT rules?

Thank you all for the awesome work on this.

I think you confused protocol divert with Advanced Options -> divert to. Or I miss something..

Hi, regarding the Suricata crash issue with IPS Divert mode (https://github.com/opnsense/core/issues/9712), is anyone else affected by the same problem?

From my side all seems working well, upgraded from 25.7.11_2 to 26.1-RC1.
I've already tested IPSEC, BIND, unbound, BGP with FFR, Wiregard, OVPN, Crowdsec, Suricata, and other plugins less deeply.
FW rules migrated completely.
The only thing that I noticed is that the auto-generated floating rules are visible correctly only on old rules, in the new section I see some blank rules.

I would also ask the diff between NAT outbound rules and SNAT.
Thanks :)

⚠️EDIT: it seems that floating rules apparently blank was in fact a very dangerous "any to any" and I rolled back to snapshot this time for being sure 100% that all is properly blocked as before

Good morning, everyone. I apologize if this is not the correct section; I'm relatively new here.
This morning, I received a CVE report from our cybersecurity agency regarding CVE on Kea DHCP. I checked the packet version in OPNsense, and it appears to be affected in the latest available version of OPNsense.

https://www.acn.gov.it/portale/en/w/aggiornamenti-di-sicurezza-per-prodotti-isc

https://www.cve.org/CVERecord?id=CVE-2025-32801

This is just as report :)

Same message here, latest version installed

Yes, it has gone. Thanks.

Hi, I noticed a black empty widget (I cannot remove it because I cannot see the "x" button) after upgrading to the latest version.



I don't remember exactly what there was there before the upgrade.

Thanks it works! But, my question is: could´t be easier to add this possibility to "pass" all the system notification to Monit and send them via email? On pfSense it was sufficient to install apcupsd, then in system embedded setting enable system email notification (not only apcupsd) and you will get the email when power goes down, immediately without polling time, in the same instant you see the message via SSH...

Hi, just to report my issue I had, maybe could be useful to others.

I saw that the "Health" section (graphics) were not working anymore, so I suspected some packages were corrupted. After an health audit (Firmware, status, audit) I found:

Error 2 occurred. etc/sysctl.conf:

(I have installed Zenarmor plugin)

Then I found this https://www.reddit.com/r/opnsense/comments/tpi1yk/health_check_error_after_installing_and/ , and after reinstalling the base package, reboot system, health audit was good, also graphics in Health section are working good now.