Recent posts

#1
I have currently opened only port 443 and the WireGuard port for my web service.

I'm also blocking inbound traffic from the WAN using several DB aliases, such as AbuseIPDB and Firehol.

Would it be a good idea to block outbound WAN traffic as well?
#2
Got it! THANKS!
#3
General Discussion / Re: Open CVEs right after upda...
Last post by franco - Today at 05:28:59 PM
PS: OpenVPN 2.6.20 is not vulnerable. The FreeBSD ports database is wrong but since they skipped the version there's no effort there to be more diligent.
#4
General Discussion / Re: Open CVEs right after upda...
Last post by franco - Today at 05:26:48 PM
Most of it is Python. According to https://peps.python.org/pep-0719/ 3.13.14 will be out by Tuesday, 2026-06-09.

In the meantime we'd have to put in a lot of effort to micro manage Python fixes and potentially clashing with similar efforts in FreeBSD ports. It's not a good option for us at the moment with the priorities we have.

So, yes, 2026. Welcome to the future.


Cheers,
Franco
#5
General Discussion / Re: Open CVEs right after upda...
Last post by Nullman - Today at 04:55:29 PM
Welcome to 2026.
#6
I'm not sure "total amount of blocks" is a good metric without "quality of individual blocks".

I find most blocklists that are available too intrusive and overly strict. In my opinion Qfeeds does a good job here with quality instead of quantity.
#7
General Discussion / Open CVEs right after update
Last post by mooh - Today at 04:53:25 PM
Just after updating to 26.4_6 the security audit produces a list of 7 vulnerabilities with CVE. Is this the new normal now that AI is searching for them?

This is not meant to discredit the OPNsense maintainers, just a general question. I just want to be prepared for a time when running a firewall with known vulnerabilities is the new normal.
#8
Hi everyone,

first of all, thank you to the OPNsense team and all contributors for the amazing work you're doing. We've been using OPNsense Business Edition for quite some time now, and we really appreciate the stability, the feature set, and the pace at which improvements and fixes are delivered. It's clear how much dedication goes into this project.

I have a small suggestion regarding the Security Advisories published on GitHub (for example: GHSA-h3vx-4q27-rc42). Currently, the advisories list only the fixed versions for the Community Edition. For users of the Business Edition, this can make it a bit difficult to determine whether a specific BE release is already patched.

To illustrate the issue:
The advisory above states that the vulnerability is fixed starting with CE version 26.1.7. At the time the advisory was published, Business Edition 26.4 was already available. Based on the version numbers alone, one might assume that 26.4 includes the fix — but in reality, the patch was only included in 26.4_6. This information can be pieced together from forum posts and release notes, but it's not immediately visible from the advisory itself.

It would be extremely helpful if the Security Advisories could also include the corresponding fixed versions for the Business Edition. This would avoid confusion and save users from having to search through release notes or forum threads to confirm whether their systems are protected.

I hope this suggestion is helpful. Thanks again for all your hard work — it's very much appreciated.
#9
I installed Q-Feeds Community two weeks ago.

I created a rule to log all blocked traffic that otherwise won't be logged; the Default Deny rule has had its logging disabled.

Attached is a screenshot of the rules and the count of evaluations/blocked connections by each. 24 hours prior, the numbers were similar, with the exception that FireHOL CIArmy had blocked 1 connection.

Doing the sums based upon the details of the evaluations for Q-Feeds and Nothing Else Blocked gives:

Q-Feeds: 0.0632%
Nothing Else: 1.7778%

From these numbers, we can deduce Bitwire-IT blocked 98.159% of all blocked incoming connections.

Last night, after updating OPNsense to 26.1.7_3, which incidentally also updated Q-Feed Connector to version 1.5_3, I took this screenshot, then disabled three of the listed rules.

Just took a screenshot of these rules a short while ago, and you can see Q-Feeds blocked quite a few today. There was just one (persistent) miscreant that attempted to telnet to my IP address, doing so from 02:13am this morning and ceasing at 04:16pm this afternoon (14 hours).

It remains to be seen what Q-Feeds will block for me over the coming months.
#10
German - Deutsch / Re: PSA: .de DNS Zone derzeit ...
Last post by drosophila - Today at 03:37:09 PM
I noticed it yesterday as well. Luckily I hadn't changed anything on the Sense box for days, so I immediately took the problem for an external outage and just had a general look around here. Then your thread showed up and I had something to read. :)