Quote from: RobertoZ on Today at 07:23:51 PM
I looked for a new "dumb" TV with no smart features. I quickly found out that unless you want to buy a professional display costing almost as much as a car, you are stuck with this scheiße.
</rant>
Quote from: lumilumi on June 06, 2026, 08:11:28 AM
Not to say I know much - but isn't LLM-generated code extremely insecure as well? Wouldn't that ruin the whole point of trying to use a firewall?
Quote from: Monviech (Cedrik) on Today at 05:55:28 PM
Try if the loopback interfaces can always ping each other through the tunnel.
If that's the case, it's not IPsec.
Some ping initiating something either sounds like the tunnel (a tunnel since it's two, to be more precise) is not up, a firewall state is missing, or traffic is misrouted.
Quote from: keeka on Today at 06:51:26 PM
I only forward DNS to the pihole for select clients. Everything else, including the pihole, queries OPNsense Unbound directly, which is not using any DNSBL.

That's effectively what the source-based Unbound policies allow you to do, since the OPNsense devs brought that into the community edition from the business edition some months ago. It was a game changer for reducing the need for external DNS, IMO.
Quote from: Monviech (Cedrik) on Today at 06:39:09 PM
You could use NAT to forward just the Roku requests directly to 8.8.8.8, for example. Or give it a DHCP reservation with an external DNS server right away.