Messages

Was it working before? 26.1.9? Or we don't know?

You probably should use Traffic Shaper:
https://docs.opnsense.org/manual/shaping.html#introduction

The settings you are changing don't necessarily do what you would expect:
https://docs.opnsense.org/manual/firewall.html#settings (Choose priority)

Have you gone to your WAN interface settings on OPNsense and disabled "Block private networks" and "Block bogon networks"? I would start there.

You can also try deleting and re-adding the WAN interface.

You can always just buy a license if you plan to use it longish term. No? At around 4 months, you break even.

But I believe it as the automatic table mentions $0.05/hour + Azure infrastructure costs

No, these are not our CVEs.

I meant something along the lines of
"This business release is based on the OPNsense 26.1.9 community version with additional security and reliability improvements." because this person probably got a bit overwhelmed with all the improvements on the new version.

We are in a CVE apocalypse ofcourse no need to micromanage each security fix :)

May we expect a fix for the business edition as well?

The most recent release from today is based on 26.1.9 and there is no fix regarding this CVE mentioned on the page. So I guess, it might be still vulnerable.

Or should we go the manual path by setting the tunable?

It's fixed. Maybe there is a need for better visibility but business edition always gets security fixes.

This is the relevant mention:
o src: arbitrary file overwrite via the KTLS receive path[15]

We don't have much budget. I remember this 4600 cost around $15,000, and now the new 3790 costs around almost $20,000.
I plan to replace it with a spare HP DL388, but there's a problem. The HP server takes too long to boot up, and the self-test takes several minutes, which is quite a headache.

There is also a middle ground between spending $20,000 and wasting time and electricity with a DL388 just to run a firewall.

Official opnsense hardware :)

https://shop.opnsense.com/product/dec3940-opnsense-rack-security-appliance/

I also install nano, much better experience :) Editor wars 2.0

And on July 29th its coming to OPNsense. If all goes well :)

That was not my question. I want to know if they are updated automatically, or i have to intervene?

If you add a cron job they are updated automatically every X amount of time.
Otherwise, they don't.

My bad, I just assumed the end goal was to do it automatically.

Go to cron jobs and add an "Update and reload firewall aliases" job every day or whenever you see fit.

IMHO running any system without swap is not a very good idea. If the system needs it for any reason, it is best for it to have it than not.

It's not a perfect science. In my limited experimentation, the chances of swap getting used and the whole system becoming sluggish are much higher than a 16GB+ system being starved of memory.

Yes, let the defaults be. You don't need swap.

Have set the range and lease time but its not picking the new leases its still using old configurations

You need to tell the local clients to renew their lease manually.

For Windows:
ipconfig /release
ipconfig /renew

But you need to do some research and use AI. Its great for these kinds of things.

XXXX/ui/dnsmasq/settings#dhcpranges

Edit or create a new range, its one of the settings here