Messages - PeterVanDresden

#1
Hi Cedrik,
I very much agree that Proxy leads to higher performance and complexity cost. Plus unnecessary SSL inspection and a self-signed cert - even when it is not really necessary due to nobump.
Or, if Proxy without transparent mode - need to install proxies on all clients, not so desirable.
So, I tried UnboundService. Sounds good - unboundService now has wildcards and regex in its Whitelist.
But I can't get this whitelist to work. In the Forums I see others cannot either.
Dnsmasq I did not try yet. Not desirable to get problems, if one day I would need Whitelist plus some kind of Blacklist together.
So, seeing the disadvantages of other solutions, for me it seems the old solution with regex expressions (similar to pfsense up to now) was not so bad.
The reasoning point to dispose of regex expressions "Can no longer use regex in firewall" was "users are not familiar with regex". But, for most cases a good list of examples would do.
For me, the whitelist use case is an important use case for opnsense. This mostly requires that WindowsUpdate be allowed/whitelisted.
But as there is no way to get WindowsUpdate to work without wildcards, opnsense really needs a good solution for this important use case.
Would generally make a better picture for new customers, newbies like me.
Can somebody show a good solution that really works without problems? Or would it be better to return to regex wildcards, maybe as an after-final patch for 25.7.11?
If 26 brings up a good solution - ok too.