Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Topics - bamf

Pages1
#1
German - Deutsch / MSS Clamping IPv4 / IPv6
March 12, 2026, 01:43:46 PM
Hallo,

in den Normalization Settings kann man nicht zwischen IPv4 und IPv6 wählen. Wie kann ich unterschiedliche MSS Werte setzen?

Aktuell habe ich 1432 gesetzt und das greift für IPv4 und IPv6.

Eine Fritzbox z.B. macht automatisch: IPv4 1452, IPv6 1432.

Wie stellt man das in der OPNSense ein?
#2
German - Deutsch / Kea Option 108 für DHCP-Reservierungen
March 10, 2026, 03:36:46 PM
Hallo,

scheinbar kann man v6-only-preferred (108) in Kea nur für ein Subnetz setzen, nicht aber für einzelne Hosts.

Ist das eine Einschränkung von Kea oder fehlt eine solche Option nur in der OPNSense WebUI?
#3
German - Deutsch / Anderes Gateway für den Squid Proxy
February 04, 2026, 06:47:46 PM
Hallo,

aufgrund der Peering-Problematik der Telekom mache ich Policy-Based-Routing zum Cloudflare CDN über mein VPS via Wireguard VPN. Dafür habe ich Firewall-Regeln implementiert, die den Traffic dorthin über das Gateway meiner VPN-Verbindung schicken.

Was muss ich konfigurieren, damit auch der Squid dieses Gateway nutzt? Die OPNSense selbst soll weiterhin das Default Gateway nutzen.
#4
25.7, 25.10 Legacy Series / No more IP address + hostname displayed in firewall live log in 25.7.10
December 18, 2025, 10:11:29 PM
Hi,

prior to the 25.7.10 release, when ticking the "Lookup hostnames" checkbox in the firewall live log, a new column appeared. Now, when that box is ticked, the "Source" column is replaced by the "Source Hostname" column. This means we can no longer see both the IP address and the hostname simultaneously in the live view.

Is this a bug or an intended change?
#5
German - Deutsch / UPnP / PCP Port Mapping Optionen
December 04, 2025, 09:30:03 PM
Hallo,

mit dem 25.7.9 Update gibt es neue Optionen für das UPnP IGD & PCP Port Mapping.

Erste Frage:

"The access control list (ACL) specifies which IP addresses and ports can be mapped. IPv6 is currently always accepted unless disabled."

Also kann ich hier keine Regel für IPv6 definieren? Ich habe ACLs definiert, damit nur bestimmte Hosts bestimmte Ports öffnen dürfen. Ich muss also IPv6 Mapping komplett deaktivieren, wenn ich nicht möchte, dass irgendwelche Geräte irgendwelche Regeln erstellen dürfen?

Zweite Frage:

"Allow third-party mapping: Allow adding port maps for non-requesting IP addresses."

Bedeutet das, ich lege nun eine ACL an, z.B. "allow 1-65535 192.168.100.20/32 1-65535" und dieses Gerät darf dann Port Mappings auf jede IP-Adresse anlegen? Oder lege ich damit komplett die ACLs lahm?
#6
German - Deutsch / RAM-Anzeige im Dashboard stimmt nicht
November 12, 2025, 05:32:44 PM
Hallo,

warum zeigt das Dashboard die RAM-Auslastung nicht korrekt an?

Tatsächlich liegen 18 GB Logs im tmpfs:

Code Select
root@OPNsense:~ # df -h /var/log
Filesystem    Size    Used   Avail Capacity  Mounted on
tmpfs          32G     18G     14G    56%    /var/log
root@OPNsense:~ # du -h -d 1 /var/log | sort -h
  0B /var/log/ntp
  0B /var/log/radacct
  0B /var/log/suricata
8.0K /var/log/monit
 28K /var/log/telegraf
 36K /var/log/ntpd
 41K /var/log/pkg
 53K /var/log/gateways
 57K /var/log/lighttpd
246K /var/log/firewall
538K /var/log/routing
590K /var/log/resolver
1.7M /var/log/system
 41M /var/log/audit
 50M /var/log/configd
 83M /var/log/squid
 84M /var/log/kea
 18G /var/log
 18G /var/log/filter
#7
German - Deutsch / Falsche Management IP via LLDP reported
October 24, 2025, 01:14:45 AM
Hallo,


meine OPNSense bedient zwei Netze: Mein Heimnetz
Code Select
192.168.100.0/24 und ein Gastnetzwerk
Code Select
192.168.200.0/24
Gateway ist jeweils die
Code Select
01. Clients im Gastnetzwerk haben natürlich nur Zugriff aufs Internet und ausgewählte Geräte.

Mein primares Interface ist ein Active-Backup Bond
Code Select
lagg0 bestehend aus
Code Select
ix0 und
Code Select
igc1 mit
Code Select
ix0 als primärem Interface.

Das
Code Select
GUEST Interface liegt an
Code Select
igc2
Ich nutze LLDP auf meinen Geräten.

Code Select
Interface Configuration für
Code Select
LLDP steht auf
Code Select
ix0
und habe nun auf meinem Switch gesehen, dass die OPNSense die
Code Select
192.168.200.1 als Management Adresse announced. Das sollte aber die
Code Select
192.168.100.1 sein.

Code Select
14 30 20:7c:xx:xx:xx:fe 20:7c:xx:x:x:fe ix0 OPNsense 192.168.200.1
Wo liegt der Fehler?

Und wie bekomme ich die Code-Tags hier so hin, dass nicht jedes eine einzelne ausklappbare Zeile ist? Das ist ja unlesbar.
#8
German - Deutsch / Kea DHCPv6 Optionen
September 26, 2025, 05:42:57 PM
Hallo,

ich habe bisher via ISC DHCPv6 den NTP-Server verteilt (Router Avertisements: Stateless).

Jetzt habe ich umgestellt auf KEA, finde da aber nirgends die Möglichkeit, einen NTP-Server einzutragen. Network Boot fehlt ebenfalls. Wo finde ich diese Optionen?

Die einzigen Optionen, die mir angezeigt werden, sind:

DNS Servers
Domain Search
#9
German - Deutsch / IPv6: Clients verlieren Verbindung ins Internet
June 03, 2025, 05:06:14 PM
Hallo,

ich versuche mein Glück mal hier, da mit englissprachigen Forum keine Antwort kommt.

Ich betreibe meine OPNSense als Router hinter einem Zyxel-Modem an einem Business-Anschluss der Telekom. Statische IPv4-Adresse, statisches /56 Präfix.

Ich immer kürzer werdenden Abständen verlieren alle meine Clients im Netzwerk die IPv6-Verbindung ins Internet. Kein Ping, kein Traceroute mehr möglich, Clients auch von außen nicht mehr erreichbar.

Die OPNSense behält ihre IPv6-Konnektivität ins Internet. Intern funktioniert weiterhin alles. RA läuft, Clients bekommen globale Adressen und können untereinander über ihre ULAs kommunizieren.

Prevent Release ist aktiviert.

Wenn ich die OPNSense neu starte, funktioniert alles wieder. Für ein paar Stunden, bis es urplötzlich wieder ausfällt.

Welche Infos werden benötigt, um das Problem zu beheben?
#10
25.1, 25.4 Legacy Series / Clients losing IPv6 internet connection
June 02, 2025, 02:32:15 PM
Hi,

since a few weeks, my LAN clients occasionally lose their IPv6 connection to internet targets.

OPNSense still can still ping and traceroute, but clients cannot

Internal IPv6 connectivity between clients is still fine. Router Advertisements are working.

Code Select
root@OPNsense:~ # ifconfig
igc0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
    description: MODEM (opt2)
    options=4e427bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
    ether 20:7c:14:xx:xx:xx
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igc1: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 9000
    options=4e427bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
    ether 20:7c:14:xx:xx:xx
    hwaddr 20:7c:14:xx:xx:xx
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igc2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: GUEST (opt3)
    options=4e427bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
    ether 20:7c:14:xx:xx:xx
    inet 192.168.200.1 netmask 0xffffff00 broadcast 192.168.200.255
    inet6 2003:a:xxxx:xxxx::1 prefixlen 64
    inet6 fe80::227c:xxxx:xxxx:xxxx%igc2 prefixlen 64 scopeid 0x3
    inet6 fda7::1 prefixlen 64
    media: Ethernet autoselect
    status: no carrier
    nd6 options=121<PERFORMNUD,AUTO_LINKLOCAL,NO_DAD>
igc3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=4e427bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
    ether 20:7c:14:xx:xx:xx
    media: Ethernet autoselect
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igc4: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=4e427bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
    ether 20:7c:14:xx:xx:xx
    media: Ethernet autoselect
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 9000
    options=4e427bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
    ether 20:7c:14:xx:xx:xx
    media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=4e53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
    ether 20:7c:14:xx:xx:xx
    media: Ethernet autoselect
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=4e53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
    ether 20:7c:14:xx:xx:xx
    media: Ethernet autoselect
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=4e53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
    ether 20:7c:14:xx:xx:xx
    media: Ethernet autoselect
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet 127.0.0.1 netmask 0xff000000
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0xa
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
enc0: flags=0 metric 0 mtu 1536
    options=0
    groups: enc
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
pfsync0: flags=0 metric 0 mtu 1500
    options=0
    maxupd: 128 defer: off version: 1400
    syncok: 1
    groups: pfsync
pflog0: flags=20100<PROMISC,PPROMISC> metric 0 mtu 33152
    options=0
    groups: pflog
lagg0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 9000
    description: LAN (lan)
    options=4e427bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
    ether 20:7c:14:xx:xx:xx
    hwaddr 00:00:00:00:00:00
    inet 192.168.100.1 netmask 0xffffff00 broadcast 192.168.100.255
    inet6 2003:a:xxxx:xxxx::1 prefixlen 64
    inet6 fe80::227c:14ff:xxxx:xxxx%lagg0 prefixlen 64 scopeid 0xe
    inet6 fda6::1 prefixlen 64
    laggproto failover lagghash l2,l3,l4
    laggport: igc1 flags=0<>
    laggport: ix0 flags=5<MASTER,ACTIVE>
    groups: lagg
    media: Ethernet autoselect
    status: active
    nd6 options=121<PERFORMNUD,AUTO_LINKLOCAL,NO_DAD>
vlan01: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
    options=4600703<RXCSUM,TXCSUM,TSO4,TSO6,LRO,RXCSUM_IPV6,TXCSUM_IPV6,MEXTPG>
    ether 20:7c:14:xx:xx:xx
    groups: vlan
    vlan: 7 vlanproto: 802.1q vlanpcp: 0 parent interface: igc0
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
pppoe0: flags=10088d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1492
    description: WAN_Telekom (opt1)
    options=0
    inet 87.xx.xx.xx --> 62.xx.xx.xx netmask 0xffffffff
    inet6 fe80::227c:14ff:xxxx:xxxx%pppoe0 prefixlen 64 scopeid 0x10
    inet6 fe80::227c:14ff:xxxx:xxxx%pppoe0 prefixlen 64 scopeid 0x10
    inet6 2003:a:37f:a71a:227c:xxxx:xxxx:xxxx prefixlen 64 autoconf pltime 1800 vltime 14400
    nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
Code Select
root@OPNsense:~ # cat /var/log/system/latest.log | grep -Ei 'lagg|ndp|icmp6|gateway|route|pf'
<13>1 2025-05-27T04:46:01+02:00 OPNsense.home.arpa opnsense 34605 - [meta sequenceId="234"] /usr/local/etc/rc.newwanip: ROUTING: treating '62.156.xx.xx' as far gateway for '87.xx.xx.xx/32'
<13>1 2025-05-27T04:46:01+02:00 OPNsense.home.arpa opnsense 34605 - [meta sequenceId="235"] /usr/local/etc/rc.newwanip: ROUTING: configuring inet default gateway on opt1
<13>1 2025-05-27T04:46:01+02:00 OPNsense.home.arpa opnsense 34605 - [meta sequenceId="236"] /usr/local/etc/rc.newwanip: ROUTING: setting inet default route to 62.156.xx.xx
<13>1 2025-05-27T04:46:05+02:00 OPNsense.home.arpa opnsense 43095 - [meta sequenceId="241"] /usr/local/etc/rc.newwanipv6: ROUTING: configuring inet6 default gateway on opt1
<13>1 2025-05-27T04:46:05+02:00 OPNsense.home.arpa opnsense 43095 - [meta sequenceId="242"] /usr/local/etc/rc.newwanipv6: ROUTING: keeping inet6 default route to fe80::200:ff:fe00:0%pppoe0
<13>1 2025-05-27T04:46:07+02:00 OPNsense.home.arpa opnsense 34605 - [meta sequenceId="245"] /usr/local/etc/rc.newwanip: IP gateway change detected, killing states for 62.156.xx.xx
<13>1 2025-05-27T10:08:32+02:00 OPNsense.home.arpa kernel - - [meta sequenceId="3"] <6>lagg0: promiscuous mode enabled
<13>1 2025-05-27T10:08:35+02:00 OPNsense.home.arpa kernel - - [meta sequenceId="6"] <6>lagg0: promiscuous mode disabled
<13>1 2025-05-27T10:14:35+02:00 OPNsense.home.arpa kernel - - [meta sequenceId="3"] <6>lagg0: promiscuous mode enabled
<13>1 2025-05-27T10:14:48+02:00 OPNsense.home.arpa kernel - - [meta sequenceId="6"] <6>lagg0: promiscuous mode disabled
Only a reboot of the router fixes the issue. For either a few hours, a few days... until all clients are offline with IPv6 again.

I am on a Deutsche Telekom VDSL Line using a Zyxel Modem.

Can someone here help me find the root cause?
#11
25.1, 25.4 Legacy Series / Alias Refresh Frequency less than one hour
April 14, 2025, 12:19:05 PM
Hi,

how to make the firewall reload an Alias more often than every hour. I tried 0.25 for 15 Minutes, but it does not seem to work.

I only want to reload a single Alias, not all ones.
#12
25.1, 25.4 Legacy Series / File location of statistics
March 25, 2025, 07:01:15 PM
Hi,

where are the Unbound statistics saved? I want to have everything in /var/log which is a tmpfs.

What about RRD and Netflow data?
#13
Web Proxy Filtering and Caching / Disable Authentication for Squid
March 11, 2025, 09:58:10 AM
Hi,

I enabled the Squid web proxy, but it is refusing connections.

Under "Authentication method" the only options are "Local Database" or "Nothing selected". How can I disable the authentication?
#14
25.1, 25.4 Legacy Series / Firewall Maximum Fragments default value
March 05, 2025, 08:42:12 PM
Hi,

what's the default value for
Code Select
Firewall Maximum Fragments?
#15
25.1, 25.4 Legacy Series / OPNSense, Jumbo Frames and IPv6
February 25, 2025, 07:49:09 PM
Hi,

I recently set up an OPNsense installation on x86/64 hardware (with an Intel Atom C3808), which handles the PPPoE dial-in for my VDSL connection and will later manage the Telekom fiber connection.

It is connected to my switch via a 10G DAC. One of the 2.5G ports is configured as a failover, meaning it has no active link during normal operation.

Since the processor was struggling with packet processing, I started experimenting with an MTU of 9000 (Jumbo Frames).

So far, this works well. Outbound (into the LAN), the device now achieves >8 Gbit/s, whereas previously, it was limited to ~3 Gbit/s.

I have manually configured the MTU on most devices. The remaining ones (printer, TV, IP Phone, etc.) seem to handle Path MTU Discovery just fine.

Additionally, I am advertising MTU 9000 via DHCP (v4|v6) (Option 26) and in the Router Advertisements using AdvLinkMTU.

However, I'm unsure if this works correctly for IPv6. When I send packets with an MTU >1500 to the OPNsense, they appear to be fragmented there:

Code Select
19:21:00.689884 IP6 (flowlabel 0x64674, hlim 64, next-header ICMPv6 (58) payload length: 3008) fda6::3221:21ff:fe00:99e > OPNSense.home.arpa: [icmp6 sum ok] ICMP6, echo request, id 62758, seq 1
19:21:00.690083 IP6 (hlim 64, next-header Fragment (44) payload length: 1448) OPNSense.home.arpa > fda6::3221:21ff:fe00:99e: frag (0x6ad09c21:0|1440) ICMP6, echo reply, id 62758, seq 1
19:21:00.690091 IP6 (hlim 64, next-header Fragment (44) payload length: 1448) OPNSense.home.arpa > fda6::3221:21ff:fe00:99e: frag (0x6ad09c21:1440|1440)
19:21:00.690126 IP6 (hlim 64, next-header Fragment (44) payload length: 136) OPNSense.home.arpa > fda6::3221:21ff:fe00:99e: frag (0x6ad09c21:2880|128)
19:21:01.723259 IP6 (flowlabel 0x64674, hlim 64, next-header ICMPv6 (58) payload length: 3008) fda6::3221:21ff:fe00:99e > OPNSense.home.arpa: [icmp6 sum ok] ICMP6, echo request, id 62758, seq 2
19:21:01.723484 IP6 (hlim 64, next-header Fragment (44) payload length: 1448) OPNSense.home.arpa > fda6::3221:21ff:fe00:99e: frag (0x12234b6d:0|1440) ICMP6, echo reply, id 62758, seq 2
19:21:01.723518 IP6 (hlim 64, next-header Fragment (44) payload length: 1448) OPNSense.home.arpa > fda6::3221:21ff:fe00:99e: frag (0x12234b6d:1440|1440)
19:21:01.723525 IP6 (hlim 64, next-header Fragment (44) payload length: 136) OPNSense.home.arpa > fda6::3221:21ff:fe00:99e: frag (0x12234b6d:2880|128)

I have already disabled all hardware offloading functions (CRC, TSO, LRO) for testing, but this made no difference.

Is this behavior expected, or do I need to configure anything else for IPv6 specifically?
#16
25.1, 25.4 Legacy Series / WAN Interface has wrong Identifier op1 instead of wan
February 25, 2025, 01:47:02 PM
Hi,

my WAN interface has the Identifier
Code Select
opt1 instead of
Code Select
wan.

Do I need to change something here to get correct default firewall rules for the WAN interface? If yes, what's the correct way to migrate it while keeping all custom firewall rules, VLAN assignments etc.?
Pages1