"Quote from: OPNenthu on February 20, 2026, 07:12:24 PMHostwatch can be enabled selectively on internal interfaces if WAN is the only issue.
I have the interfaces filtered to LAN on 26.1.4, but I'm still seeing WAN discovery happening.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
25.7, 25.10 Series / Re: [SOLVED] hostwatch at 100% CPU
March 23, 2026, 08:22:13 PMI have the interfaces filtered to LAN on 26.1.4, but I'm still seeing WAN discovery happening.
#2
25.7, 25.10 Series / Re: Interfaces: Neighbors: Automatic Discovery - Only works with ALL interfaces
March 23, 2026, 08:20:05 PM
I'm on 26.1.4, and my LAN filter for hostwatch is still not working. I'm seeing 95% of entries from WAN. Is this expected?
#3
General Discussion / Is there a way to emulate a "quarantine zone"?
January 16, 2026, 06:21:10 AM
I am a recent adopter of OPNsense, so I apologize if this has been discussed already under a different name, and/or if it would be considered outside the scope of OPNsense.
I would like to have a "quarantine zone" where new devices would first fall into a VLAN that has no internet access, then can be assigned a different VLAN which would give them tailored access. My motivation is dealing with client devices that randomize MAC addresses while releasing/renewing IPs. I want different types of clients to have different firewall rules applied to them. With the ability to spoof MAC addresses, it seems like relying on subnet rules makes more sense.
My OPNsense router has a Unifi switch connected to it, which in turn has an Omada AP connected to that. I understand that such a solution probably requires support across the hardware stack, but I am still a bit lost at where to start. Does anyone have any pointers about implementing such a solution?
I would like to have a "quarantine zone" where new devices would first fall into a VLAN that has no internet access, then can be assigned a different VLAN which would give them tailored access. My motivation is dealing with client devices that randomize MAC addresses while releasing/renewing IPs. I want different types of clients to have different firewall rules applied to them. With the ability to spoof MAC addresses, it seems like relying on subnet rules makes more sense.
My OPNsense router has a Unifi switch connected to it, which in turn has an Omada AP connected to that. I understand that such a solution probably requires support across the hardware stack, but I am still a bit lost at where to start. Does anyone have any pointers about implementing such a solution?
Pages1
