Messages

As you can see in the screen shots I have defined a subnet with an alias in 192.168.1.1/27 to cover the range from .2 to .31 where I have my DHCP range. What I want is that all devices connected to the DHCP will only have access to internet in ports 80 443 and 53 so these would allow them to browse.

What I get is that I don't have access to internet with devices with an IP on that Range, what I am doing wrong?

I am creating this rule in the LAN internface


BTW I am coming from pfsense and opnsense is fantastic, great work and I advice everyone to do the change.

It's possible to whitelist DNSBL and IP false block easily?
It's possible apply the block lists only to specific ports?
Does opnsense merge the lists to avoid duplicated entries?

Sorry I understood you wrong.

And then for IPBlock lists is there any option?

try to disable ad blocker or anything like that in chrome?

but will be ntopng fully integrated inside opnsense?

Where do you get this info? are you a developer?

Excellent news.

What about Sensei? when will this be part of opnsense?   https://www.sunnyvalley.io/sensei

What about bro IDS? it could be a good addition    https://www.bro.org/

And I guess Wireguard will be soon part of opnsense as well :)

Yeah but that would imply to run pfsense with pfblockerng  and opnsense at the same time, which make no sense if you can simply run pfsense.

Someone mention that there was people working in private to bring some pfblockerng capabilities to opnsense, any news about this?

No, because you have to configure your wireless router as an access point, so NAT, DHCP... is disabled.

Take a look to your router settings

https://www.google.es/search?q=netgear+wiress+router+as+AP&oq=netgear+wiress+router+as+AP&aqs=chrome..69i57j0l5.4895j0j9&sourceid=chrome&ie=UTF-8

What new features will be in 19.1? I guess you may have already something in mind
@Franco

Any news about how this is evolving?

Yes, what else you can do?
You can create an VLAN for you the AP, only for the wireless network.

Some news

https://www.phoronix.com/scan.php?page=news_item&px=Linus-Likes-WireGuard

That's definitely true. However, pfBlockerNG is such a condensed Swiss army knife tool that users can end up failing to express their needs in firewall feature terms. They look for a single place to do it all and ask here if they can't find it.

So pfBlockerNG gives a very easy to use integration into pfSense, an experience that is hard to emulate with the philosophy that we try to follow with OPNsense. It's neither good or bad. Maybe documentation can help, maybe it can't. But it's worth a try. :)


Cheers,
Franco

Why is hard to add feaures from pfBlockerNG to opnsense?
What has to do this with the "philosophy"?

pfBlockerNG is an excellent tool and opnsense should aim to replicate most of the functionality.
There are plenty of open source firewalls, what the market needs is one that integrates UTM functionalities. AV (not just clam AV which has a bad detection rates), suricata, OpenAppID, SNORT V3, Advanced thread protection functionality (anti APT), web filter, ad filter, ip filters, integration with external APIs like cuckoosandbox, Virus total, etc. the first open source firewall (osf) to get into this state will take the market from the others osf.

Either you get this from open source software or you start to look for optional and comercial alliances in the market.

Opnsense should focus on this and nothing else, if someone wants just a firewall is a no brain to pick pfsense over opnsense.

Where I can find the updated roadmap for 18.7?
https://opnsense.org/about/road-map/

I'm about to decided between pfsense and opnsense.

What is the approach of opnsense regarding a UTM model? pfsense is more focused on fw core functionalities.
Is there people working fulltime on opnsense ?