"Recent posts
#1
26.1, 26,4 Series / Re: Unbound reporting stop wor...
Last post by franco - Today at 07:06:42 AMFor reference here is the relevant pull request on GitHub: https://github.com/numpy/numpy/pull/28896
The internal meeting is today. Just so you know I still owe you an answer here.
Cheers,
Franco
The internal meeting is today. Just so you know I still owe you an answer here.
Cheers,
Franco
#2
26.1, 26,4 Series / Re: Group rules with overlappi...
Last post by OPNenthu - Today at 07:01:15 AMYep, you're right. The groups are both set to sequence 2. My mistake.
Thanks!
Thanks!
#3
26.1, 26,4 Series / Re: Group rules with overlappi...
Last post by Monviech (Cedrik) - Today at 06:28:11 AMThe priority group number seems to be entirely decided by the number you put into the group itself when you create it.
Inside "Firewall - Groups" it has a sequence, and that influences the priority group.
EG all VPN groups will have 300010 because their Group Sequence is 10.
Inside "Firewall - Groups" it has a sequence, and that influences the priority group.
EG all VPN groups will have 300010 because their Group Sequence is 10.
#4
26.1, 26,4 Series / [solved] Group rules with over...
Last post by OPNenthu - Today at 06:05:56 AMAfter the upgrade from 26.1.9 -> 26.1.10 I am just now realizing an overlap in rule order between two interface groups when using the "All rules" filter in the new UI. My "IG_OUT_WAN" group is interspersed with the "IG_OUT_VPN" group. These are the only two affected.
Curiously, both groups are using the same "300002.xxx" sort order which should not happen, right? I think the last digit in the priority group should be unique per interface/group if I'm not mistaken.
I will roll back to the snapshot for 26.1.9 and check the rule ordering there but that's as far back as I can go. Was there a change in 26.1.10 that might affect this, or is it likely that this happened during my rule migration several releases ago and I never noticed?
I'm curious how this can happen. Are there issues with cloning rules between groups that might cause the priority group number to carried over, perhaps?
Curiously, both groups are using the same "300002.xxx" sort order which should not happen, right? I think the last digit in the priority group should be unique per interface/group if I'm not mistaken.
I will roll back to the snapshot for 26.1.9 and check the rule ordering there but that's as far back as I can go. Was there a change in 26.1.10 that might affect this, or is it likely that this happened during my rule migration several releases ago and I never noticed?
I'm curious how this can happen. Are there issues with cloning rules between groups that might cause the priority group number to carried over, perhaps?
#5
26.1, 26,4 Series / Re: Firewall Rules [new] popul...
Last post by Monviech (Cedrik) - Today at 05:52:50 AMBefore this update if you pressed Inspect in the nee Rules GUI it would show all automatic and legacy rules. Now it just always shows them.
They are collected via script and displayed only.
https://github.com/opnsense/core/blob/b4fa4cd2e2f6743eaf49e0523b2303fd31c3ee59/src/opnsense/service/conf/actions.d/actions_filter.conf#L199
Just like in the legacy GUI you will see a "Rules from Automation" header below the Automatic Rules header if you have actual rules defined in the new Rules GUI.
So you still have to migrate at some point in the future, but not right away if you still need more time. Don't worry.
This change was made because there was a constant struggle to find the automatic rules in the new GUI. But due to reasons, legacy rules and automatic rules come from the same endpoint internally. They're clearly marked though with their own distinct command symbol. If you click that, it will jump to the legacy rule page.
They are collected via script and displayed only.
https://github.com/opnsense/core/blob/b4fa4cd2e2f6743eaf49e0523b2303fd31c3ee59/src/opnsense/service/conf/actions.d/actions_filter.conf#L199
Just like in the legacy GUI you will see a "Rules from Automation" header below the Automatic Rules header if you have actual rules defined in the new Rules GUI.
So you still have to migrate at some point in the future, but not right away if you still need more time. Don't worry.
This change was made because there was a constant struggle to find the automatic rules in the new GUI. But due to reasons, legacy rules and automatic rules come from the same endpoint internally. They're clearly marked though with their own distinct command symbol. If you click that, it will jump to the legacy rule page.
#6
26.1, 26,4 Series / Re: Been driving me mad STAFF ...
Last post by Orionrise - Today at 05:34:59 AMQuote from: wincent on Today at 04:41:06 AMCould you post the configuration to take a look:Yeah I can do that for you this evening unfortunately day job is calling
System -> Gateways -> Configuration
AND
Interfaces -> Overview
#7
26.1, 26,4 Series / Re: Been driving me mad STAFF ...
Last post by Orionrise - Today at 05:33:20 AMQuote from: cookiemonster on June 15, 2026, 11:02:33 PMI was going to ask about Network Interfaces: All (recommended) but that is set correct.Morning I will Get you those details this evening unfortunately. The day job is calling
At this point I wonder if you have one of those obscure cases of VLANs mixing traffic with tagged and untagged. Can you check for that? What we're looking for is the setup, where your trunk to OPN has ONLY tagged traffic.
#8
Hardware and Performance / Re: cpu-microcode-intel: no ma...
Last post by BrandyWine - Today at 05:20:36 AMWell, we can look into the .40 and .80 files using iucode_tool utility, it will show us what ucode versions exist there. What you have now may be the latest.
Or maybe the bin is missing stuff?
The tool is not on freeBSD repo, but it is on Ubuntu repo, so I will get to look at it tomorrow.
Or maybe the bin is missing stuff?
The tool is not on freeBSD repo, but it is on Ubuntu repo, so I will get to look at it tomorrow.
#9
26.1, 26,4 Series / Firewall Rules [new] populated...
Last post by mlenje - Today at 05:01:52 AMI have been putting off running the migration assistant until I had time to set aside and be able to test everything. Tonight, when I upgraded to v26.1.10, the Firewall Rules [new] were populated. Are they active? Do I still run the migration assistant? Should I rollback to v26.1.9 and run the migration assitant before upgrading to v26.1.10? The relase notes say "o firewall: always show automatic and legacy rules in new rules GUI" but I judt thought that meant if you had already ran the migration assistant? Thoughts on next steps?
#10
26.1, 26,4 Series / Re: Been driving me mad STAFF ...
Last post by wincent - Today at 04:41:06 AMCould you post the configuration to take a look:
System -> Gateways -> Configuration
AND
Interfaces -> Overview
System -> Gateways -> Configuration
AND
Interfaces -> Overview
