Messages - Armani

#1
IP addresses were just an example here. I'm looking for more detailed yet readable information. For instance, I need to link the 'Interfaces' widget with 'DHCP' to display the connected device names as well, and so on... However, I've grown accustomed to how limited the OPNsense dashboard is; it simply doesn't compare to something like Grafana dashboards, which can be configured to show exactly what you want upfront. Having such flexibility natively would be ideal, as an integrated dashboard would consume minimal additional resources, and only while in use, without the security risks associated with exporting sensitive network data to external tools.
#2
Most of these extra bells and whistles are unnecessary. Personally, I miss having clear, simple, and specific information on the dashboard like the IP address, which even the cheapest routers show right on the start page. Instead, I have to click through multiple menus just to find it. I always prioritize simplicity, readability, and speed, along with system responsiveness and eliminating routing jitter, rather than wasting device performance on useless features.
#3
Quote from: marunjar on December 22, 2025, 01:59:45 PM
Quote from: Armani on December 16, 2025, 03:09:08 AM
Including more comprehensive and regularly updated community lists would significantly improve the default security level of OPNsense installations.
When editing a blocklist you can enable advanced mode to get the `URLs of Blocklists` field, where you can add URLs to all blocklists you want.
They don't necessarily have to be provided by OPNsense itself.

This does not solve the problem of current lists in the image.
#4
DNS blocklists are missing Hagezi lists, such as "Most Abused TLDs" (both Normal and Aggressive), which I mentioned earlier. In addition, several lists in Suricata are outdated or empty, for example "IP SSLBL Abuse.ch".

Furthermore, some lists could be moved from Suricata to DNS or simply offered as an option in both places. A good example is URLHaus (URL-based); blocking this at the DNS level is faster and more resource-efficient (lower RAM/CPU usage) while achieving the same effect.

In particular, I am referring to behavioral / anomaly / hunting rules focused on web client behavior (browsers, curl, wget, etc.), TLS/JA3/JA4 fingerprinting, and the detection of unusual application behavior patterns within the network. I would prefer to optimize Suricata and its rule sets toward deep detection: suspicious behaviors, JA3/JA4 fingerprints, and identification and blocking of C2 infrastructure and IP addresses. In practice, Suricata should handle all detection tasks that DNS cannot provide. This would represent the most effective approach, minimizing resource usage and avoiding duplication of detection mechanisms.

I hope I am not the only one who has noticed this fundamental issue with outdated lists in such a powerful and comprehensive system as OPNsense. For this reason, I am raising this topic again and requesting an update and refresh of the lists for both DNS and Suricata.
#5
Dear OPNsense Team,

I would like to suggest a more frequent update cycle for the default blocklists available in the system, specifically in the Services: Intrusion Detection (Suricata Rules) and Services: Unbound DNS: Blocklists sections.

Please verify and maintain the default list sets in the Services: Intrusion Detection and Services: Unbound DNS: Blocklists sections.

The problem is that in the current configuration, some links to sources are inactive (the lists have been removed by their authors), and some new expected lists are missing from the default OPNsense packages/configuration.

For example, the Unbound DNS: Blocklists ruleset lacks lists of the most abused top-level domains (TLDs), Normal and Aggressive. The same applies to Suricata, as the collections lists are not up to date.

Please ensure that these lists are regularly updated and supplemented to ensure all default lists are up-to-date, accessible, and functional. Including more comprehensive and regularly updated community lists would significantly improve the default security level of OPNsense installations.

The current infrastructure for downloading these lists is excellent; this request only concerns updating the default sources.

Thank you for considering this enhancement.