Recent posts

#2
Chinese - 中文 / ttyd for OPNsense
Last post by opnwall - Today at 04:43:22 AM
When managing OPNsense firewalls, administrators often need to log in via SSH to execute commands, check logs, or perform advanced troubleshooting. While OPNsense offers a comprehensive WebGUI, a browser-integrated terminal is often more convenient for administrators accustomed to the command line. ttyd is a lightweight web terminal project that maps a local terminal to the browser, enabling a true web-based SSH experience. To simplify this process, I developed an OPNsense plugin that allows direct access to the system terminal via the browser after installation.



Installation method:
pkg add -f os-ttyd.pkg
Uninstallation method:
pkg delete os-ttyd.pkg
Download Link:
ttyd for OPNsense

Disclaimer:
Unofficial plugin; use at your own risk.
#3
26.1, 26,4 Series / Re: Unbound reporting stop wor...
Last post by wincent - Today at 04:23:15 AM
The CPU is soldered onto the motherboard, and for a customized motherboard with Checkpoint, the entire device can only be upgraded :(
#4
26.1, 26,4 Series / Re: OPNSense forwarding packet...
Last post by Seimus - Today at 12:56:49 AM
But I didn't say anything about a switch/L2 loop :)

I am not saying that there is not a potential BUG.
I am just saying you should have protection against BUM traffic no matter if it is or is not a BUG.

Regards,
S.
#5
26.1, 26,4 Series / Re: OPNSense forwarding packet...
Last post by ChristopherL - June 14, 2026, 11:29:47 PM
Thanks, but I believe you are mistaken. There is no switching loop, and flooding unknown unicast traffic occurs naturally on every layer 2 network. The excessive unknown unicast is being generated when the firewalls route packets with mismatched Ethernet destinations that they should be discarding. The TCPDump above demonstrates this happening.

Moreover, if there was a switching loop we would see a lot broader impact, we wouldn't see TTL expired messages, we would see more than just a couple of duplicate packets most of the time, and the issue wouldn't come and go regularly in the way that it was.

Storm control on the firewall interfaces would interfere with CARP. UUFB also would interfere with connectivity to the firewalls, especially as they use two MAC addresses (the interface MAC and the CARP MAC).

Forwarding incorrect packets is a documented bug in FreeBSD that will affect any OPNsense deployment that enables netflow and CARP on the same interface.
#6
26.1, 26,4 Series / Re: Network connections are di...
Last post by Monviech (Cedrik) - June 14, 2026, 09:19:32 PM
The only thing I know here is that it's generally not a problem because the latest installed SA wins.

Duplicate SAs can be normal during rekeying.

Check your logs if you can find the reason why multiple SAs have been created, there should be some evidence.

Trap+Start as start action could be changed to "Start" if you want to be initiator or "None" if the other side should initiate. Finding out who is the best initiator can help with some of these quirks.

#7
26.1, 26,4 Series / Re: OPNSense not able to re-cl...
Last post by pfry - June 14, 2026, 08:45:50 PM
Quote from: Afif on June 14, 2026, 04:14:25 PM
I'm not using ZFS on this system.[...]

Here's mine as an example. ~200 log files with an average size of ~90MB (file system defaults, firewall only, no netflow or hostwatch, most rule logging enabled, averaging a few hundred connections at any given moment), consuming... <3.3GB (I didn't bother to get a precise compression ratio).

root@fw:/home/user # df -hT
Filesystem          Type       Size    Used   Avail Capacity  Mounted on
zroot/ROOT/default  zfs        1.4T    1.4G    1.4T     0%    /
devfs               devfs      1.0K      0B    1.0K     0%    /dev
/dev/gpt/efiboot0   msdosfs    260M    1.3M    259M     1%    /boot/efi
zroot/var/mail      zfs        1.4T    112K    1.4T     0%    /var/mail
zroot               zfs        1.4T     96K    1.4T     0%    /zroot
zroot/tmp           zfs        1.4T    3.4M    1.4T     0%    /tmp
zroot/usr/ports     zfs        1.4T     96K    1.4T     0%    /usr/ports
zroot/home          zfs        1.4T    140K    1.4T     0%    /home
zroot/var/audit     zfs        1.4T     96K    1.4T     0%    /var/audit
zroot/var/tmp       zfs        1.4T     96K    1.4T     0%    /var/tmp
zroot/var/crash     zfs        1.4T     96K    1.4T     0%    /var/crash
zroot/var/log       zfs        1.4T    3.3G    1.4T     0%    /var/log
zroot/usr/src       zfs        1.4T     96K    1.4T     0%    /usr/src
devfs               devfs      1.0K      0B    1.0K     0%    /var/dhcpd/dev
root@fw:/home/user # zpool get feature@lz4_compress,feature@zstd_compress
NAME   PROPERTY               VALUE                  SOURCE
zroot  feature@lz4_compress   active                 local
zroot  feature@zstd_compress  enabled                local
root@fw:/home/user # ls -la /var/log/filter
total 3252314
drwx------   2 root wheel       203 Jun 14 08:01 .
drwxr-xr-x  17 root wheel        39 Jun 14 03:01 ..
-rw-------   1 root wheel  87636510 Nov 27  2025 filter_20251127.log
-rw-------   1 root wheel 113842291 Nov 28  2025 filter_20251128.log
-rw-------   1 root wheel  66937381 Nov 29  2025 filter_20251129.log
-rw-------   1 root wheel  63962720 Nov 30  2025 filter_20251130.log
-rw-------   1 root wheel  65829378 Dec  1  2025 filter_20251201.log
-rw-------   1 root wheel  59705785 Dec  2  2025 filter_20251202.log
-rw-------   1 root wheel  65167863 Dec  3  2025 filter_20251203.log
-rw-------   1 root wheel  58694081 Dec  4  2025 filter_20251204.log
-rw-------   1 root wheel  57220899 Dec  5  2025 filter_20251205.log
-rw-------   1 root wheel  58380288 Dec  6  2025 filter_20251206.log
[...]
-rw-------   1 root wheel 112167589 Jun  5 23:59 filter_20260605.log
-rw-------   1 root wheel 100272143 Jun  6 23:59 filter_20260606.log
-rw-------   1 root wheel  89032171 Jun  7 23:59 filter_20260607.log
-rw-------   1 root wheel  97640115 Jun  8 23:59 filter_20260608.log
-rw-------   1 root wheel  96846494 Jun  9 23:59 filter_20260609.log
-rw-------   1 root wheel  85642933 Jun 10 23:59 filter_20260610.log
-rw-------   1 root wheel  88817261 Jun 11 23:59 filter_20260611.log
-rw-------   1 root wheel  91362771 Jun 12 23:59 filter_20260612.log
-rw-------   1 root wheel  89815402 Jun 13 23:59 filter_20260613.log
-rw-------   1 root wheel  35648453 Jun 14 08:57 filter_20260614.log
lrwxr-x---   1 root wheel        35 Jun 14 08:01 latest.log -> /var/log/filter/filter_20260614.log
root@fw:/home/user #
#8
26.1, 26,4 Series / 26.1.9: Health graphs do not b...
Last post by camellia - June 14, 2026, 06:55:00 PM
Hi everyone

Prior to 26.1.8_5, the value of Collected Reports was zero in the power-off time Health graphs. However, in 26.1.9, in the power-off time Health graphs, the value of Collected Reports is constant but not zero.

The following is an example of a Health graph for Quality, but the phenomenon is similar for other categories. Power-off time is from around 7:00 to around 18:00.

[Attachment: Health graph for Quality]
#9
26.1, 26,4 Series / Re: Maltrail Failed to establi...
Last post by Othvez - June 14, 2026, 06:41:38 PM
The errors suggest that the issue is no longer fail2ban access itself, but that the Maltrail service listening on 127.0.0.1:8338 is stopping or crashing intermittently. Since the alias works for a while and then starts returning "Connection refused", I'd check whether the Maltrail sensor/server process is still running when the errors occur and review the Maltrail logs around that time. It may be worth investigating why the service on port 8338 is terminating rather than focusing on the allowlist configuration.
#10
German - Deutsch / Re: Firewall configuration for ...
Last post by andyknownasabu - June 14, 2026, 05:39:23 PM
Great, thanks! In that case I don't need my firewall rules at all anymore?

EDIT: Actually, apparently I do, as I just saw.