Topics - PWCDC

1
21.1 Legacy Series / Feature Request - UI state reset on schedule state change
« on: April 07, 2021, 05:44:10 pm »
Hello,

I don't see a spot on the forums for feature requests, so I will add it here. Apologies if it is in the wrong place.

As the subject implies:

I'm requesting an option in the web GUI on the schedule configuration page. I'm thinking something like a checkbox, to enable an option that resets states when a particular schedule takes effect.

I've seen a number of people requesting this on the forums, or something similar. There seems to be a lot of confusion as to why firewall rules aren't taking effect when the schedule becomes active. While I understand there is a good technical explanation, it is still understandable confusion, especially for newer users.

The best workaround I can find is to create a cron script in the console to reset states on a schedule that happens to coincide with the respective firewall schedule. If this is the only way to reset states after a firewall schedule takes effect, then it is extremely inconvenient and probably beyond the abilities of the average user.

Having an option on the schedule page to reset states after a schedule rule becomes active seems like a fairly good solution.

 

2
21.1 Legacy Series / Trying to block single host from internet only.
« on: April 07, 2021, 04:35:19 pm »
Hello,

I'm trying to block a single host from the internet only (still have access to local LAN resources). It simply isn't working.

I've tried applying the rule to "floating" as well as the relevant LAN interface, but neither works.
I am resetting states after activating the rule, but it doesn't make a difference.

The rule I'm using is as follows:

Action: Block
Direction: In
Source: (Single Host) The blocked host's LAN IP
Destination: WAN
Port Range: Any to Any

All other options are default. The rule is at the top of the list (below the auto generated rules).

I've also played around with a variety of other options, but literally nothing works. I've tried to use an Alias as well. Has the "block" feature been fully implemented yet in OPNsense, or is it a placeholder? I've never gotten a block rule to work on OPNsense before.

As I said, I am resetting states following rule activation.

Is there anything else I can try, or is this a known issue?

Thanks,
PW

3
21.1 Legacy Series / Questions About VLAN
« on: March 24, 2021, 12:40:55 am »
Hello,

I have some questions about how OPNsense handles VLAN.

In the following example, I have a quad port device running OPNsense.
igb0 is WAN.
igb1 is trunk for all VLANS.

Let's assume the following VLANs configured:

VLAN 100 - Management - Parent: igb1
VLAN 200 - Workstations - Parent: igb1
VLAN 300 - IoT Stuff - Parent: igb1

  • In this example, how can I select which VLAN is native to the trunk port (if someone physically plugs into the port)? This is a theoretical question, since I would likely have a managed switch which would tag all packets on the trunk anyway, but I don't see an option for it in OPNsense. Ideally, it would be the management LAN.
  • Is there a way to ensure all packets traveling to the trunk port (igb1) are tagged? Or at least a way to configure OPNsense to react as though all untagged packets are in a particular VLAN? I assume this would be related to the question above.
  • Is there a way to configure the additional physical ports (igb2, igb3, etc.) as access ports for VLANs defined above, which already have their parent port assigned to igb1? I don't see an option for this.

Thanks in advance.

4
21.1 Legacy Series / Schedule Based Firewall Rules
« on: February 21, 2021, 05:52:58 pm »
What is the current recommended way to set up scheduled firewall rules for blocking specific clients from internet?

I've found a few threads on this forum, but they are quite old and trying the recommendations doesn't work entirely. For instance, simply setting a scheduled block rule in the floating rules is effective, but won't kill existing connections.

I have the schedule and the aliases set up the way I want them, and they appear to work. The only quirk is terminating existing connections. Is there a trick I'm missing?

5
General Discussion / VLAN Compatibility with Mikrotik Switches
« on: February 16, 2021, 02:54:07 am »
Hello,

Has anyone used their OPNsense router with Mikrotik CSS switches (swOS)?

I have a very basic lab set up with an OPNsense box and a CSS-610-8G. Everything works exactly as I would expect, except when I get to VLANS. At that point everything completely stops working.

The lab OPNsense has two VLANS set up (100 and 200), with DHCP set up for each (192.168.100.1/24 and 192.168.200.1/24) respectively. I've set these up, assigned them to an interface (port 3), and plugged that interface into the switch (port 1).

I've added the two VLANs to the VLANS screen, and then chosen port 2 for 100 and port 3 for 200.

I would assume that if I plug a device into each one of these ports, I should get an address from the DHCP server of the respective pool. But I don't even get assigned an IP.

I'm not sure if I am missing something on the OPNsense side or the Mikrotik side.

Anyone have any suggestions?


Edit:

So upon further testing, it seems to be just the DHCP that is not working with the VLAN. If I assign the computer a static address within the range of the VLAN, and then plug it into the port assigned for that VLAN, everything works fine. 
