Recent posts

#1
26.1, 26,4 Series / Re: [solved] Lost outbound NAT...
Last post by keeka - Today at 07:46:32 AM
Am I right in thinking, after upgrading to 26.1.11, we should switch back to hybrid mode under Outbound NAT?
I had turned this off following migration of my rules to SNAT as I had noticed SNAT rules got generated regardless of the selected mode.
#2
26.1, 26,4 Series / Re: Monit - Service restarting...
Last post by bucker00 - Today at 07:45:03 AM
Worded badly on my part about the Name field, definitely no need for spaces there but they were previously allowed was my point.
Thanks Franco - that's got it fixed, much appreciated!
#3
26.1, 26,4 Series / Re: Upgrade to 26.1.11 Stuck a...
Last post by amichel - Today at 07:36:53 AM
No I was at 26.10.
But all Solved now, I tried it again from the console and it worked like a charm.'
thank you all for your help and the inputs
#4
26.1, 26,4 Series / Re: [solved] Lost outbound NAT...
Last post by franco - Today at 07:34:59 AM
You can only migrate outbound NAT manual(or "hybrid") rules. You don't seem to have any. There's nothing to migrate. Automatic rules are automatic and come from the same place for both components just for visibility.


Cheers,
Franco
#5
26.1, 26,4 Series / Re: Monit - Service restarting...
Last post by franco - Today at 07:33:37 AM
Hi,

I agree about what you said except for name, but maybe I'm missing something:

https://github.com/opnsense/core/blob/10a27499b31770521cfda524d1efecb2eb3fb3f1/src/opnsense/mvc/app/models/OPNsense/Monit/Monit.xml#L185

# opnsense-patch https://github.com/opnsense/core/commit/b86fb9946

Unfortunately, the security design of monit is non-existent and in hindsight it should have never have been merged to core.


Cheers,
Franco
#6
26.1, 26,4 Series / Re: [solved] Lost outbound NAT...
Last post by OPNenthu - Today at 06:55:21 AM
Thanks for the link.  Re-reading the release notes and also the submitter's comments in that ticket, it sounds like there should have been a SNAT migration option but I am missing it.  Did I overlook something or is there a way I can get it back, so that I can migrate the rest of them (the automatic ones)?
#7
26.1, 26,4 Series / Re: Upgrade to 26.1.11 Stuck a...
Last post by franco - Today at 06:46:15 AM
Were you on 26.1.8/.9? If yes it could be the bug that was introduced in .8 and fixed in .10 that buffered the update log output.


Cheers,
Franco
#8
26.1, 26,4 Series / Re: [solved] Lost outbound NAT...
Last post by franco - Today at 06:44:42 AM
PPP-related rules may not show up yet in the source NAT GUI but automatic rules were not touched by the change so it's a cosmetic thing:

https://github.com/opnsense/core/issues/10479


Cheers,
Franco
#9
Zenarmor (Sensei) / Re: App Control Definition Upd...
Last post by nutty_net - Today at 06:42:45 AM
Thanks sy. 

Because new services consistently come to market, I understand it can be difficult to keep up but I'm hoping Zenarmor will be able to help provide additional coverage over time by adding applications.  I also saw the option to add custom applications, which I can look at adding and contributing feedback when I can. 

To give some examples of applications that I saw missing from Zenarmor when comparing to the other product:

I will watch the release notes too for additions. 
#10
Quote from: BrandyWine on Today at 12:50:56 AMIf I use the literal definition of forwarding ethernet frames, yes, she is wrong. There is no "forwarding" decisions being done at L3. There's only next-hop decision at L3, which is not "forwarding".

The action of an intermediate system to receive a frame for which it is not the final destination and passing it on based on some next hop decision has been called forwarding for decades. That's the definition of forwarding. I don't know where you get your "literal definition of forwarding ethernet frames" from. I suggest you read the definite textbook on the topic.



BTW: the sysctl variables that enable or disable routing (layer 3) in FreeBSD are called:

net.inet.ip.forwarding: 1
net.inet6.ip6.forwarding: 1