"Recent posts
#21
25.7, 25.10 Series / Re: 25.7.8 Unbound blocklist s...
Last post by OPNenthu - November 30, 2025, 09:30:29 PMI haven't enabled the per-network DNSBL on my end as of yet, but for those who are seeing this- are you using dynamic IPv6 prefixes? I'm looking at the Source Nets field and I don't know how you would even configure it for e.g. IA_PD.
AFAIK, we don't (yet) have any mechanism to track those for use in form fields like this. Am I misinformed, or is this feature presently limited to IPv4 and IPv6 networks where the prefixes are not changing?
In any case: https://github.com/opnsense/core/issues/9474
AFAIK, we don't (yet) have any mechanism to track those for use in form fields like this. Am I misinformed, or is this feature presently limited to IPv4 and IPv6 networks where the prefixes are not changing?
In any case: https://github.com/opnsense/core/issues/9474
#22
25.1, 25.4 Series / Re: tailscale issue
Last post by jmcgee - November 30, 2025, 08:59:57 PMSheridan Computers got back with me quickly on how to get the Tailscale plugin running.
#23
General Discussion / Is public-dns.info still activ...
Last post by Mpegger - November 30, 2025, 08:39:01 PMTo anyone in the know, is public-dns.info still actively updated? Thier last changelog entry is from 2020, and on the main front page the recent server last checked times all show 2 years ago. Thier Contact link also forwards to a different site.
If they aren't active anymore, is there another such actively updated public DNS server list that I can use in Opnsense as an alias for blocking purposes?
If they aren't active anymore, is there another such actively updated public DNS server list that I can use in Opnsense as an alias for blocking purposes?
#24
25.7, 25.10 Series / Re: Sonobus Configuration
Last post by RobNY - November 30, 2025, 08:22:08 PMThank you... I reconfigured as you suggested and it also works without needing to set a custom port in the application itself.
I'm still trying to understand why this is necessary if the application establishes the initial outbound connection. Is it because UDP is not stateful the same way TCP is with OPNsense (as it must have been with my old tp-link router)?
I'm still trying to understand why this is necessary if the application establishes the initial outbound connection. Is it because UDP is not stateful the same way TCP is with OPNsense (as it must have been with my old tp-link router)?
#25
25.7, 25.10 Series / Traffic from unassigned subnet...
Last post by Kets_One - November 30, 2025, 08:13:57 PMHi,
Today i noticed that suspicious traffic from LAN -> WAN was blocked by Q-Feeds (thanks Q-feeds).
What i cannot understand is where this traffic originated from: 192.168.90.100 (port 123).
This should be impossible, since the DHCP range that i use is 192.168.1.0/24.
No fixed IPs are assigned.
ARP Table does not show the source IP (192.168.90.100).
Hostname of the source IP is empty.
The destination was 94.16.122.152 (port 123).
While this may look as ordinary NTP traffic, the destination IP does not appear an NTP server (no response).
Also, why would the originating IP address be out of the DHCP range?
And why would the destination IP be on a Q-Feeds blocklist?
Is this a spoofing attempt? Is this legit?
What am i missing?
How to find out which client this originated from?
As a mitigation and while i am figuring this out I have:
- Blocked the ASN for the destination address in F/W;
- Allowed only 192.168.1.0/24 and 224.0.0.0/8 out from LAN into F/W.
Today i noticed that suspicious traffic from LAN -> WAN was blocked by Q-Feeds (thanks Q-feeds).
What i cannot understand is where this traffic originated from: 192.168.90.100 (port 123).
This should be impossible, since the DHCP range that i use is 192.168.1.0/24.
No fixed IPs are assigned.
ARP Table does not show the source IP (192.168.90.100).
Hostname of the source IP is empty.
The destination was 94.16.122.152 (port 123).
While this may look as ordinary NTP traffic, the destination IP does not appear an NTP server (no response).
Also, why would the originating IP address be out of the DHCP range?
And why would the destination IP be on a Q-Feeds blocklist?
Is this a spoofing attempt? Is this legit?
What am i missing?
How to find out which client this originated from?
As a mitigation and while i am figuring this out I have:
- Blocked the ASN for the destination address in F/W;
- Allowed only 192.168.1.0/24 and 224.0.0.0/8 out from LAN into F/W.
#26
25.7, 25.10 Series / Re: "The release type "opnsens...
Last post by LGDL - November 30, 2025, 07:54:37 PMQuoteThe system needed to upgrade the pkg tool first before it could use that to upgrade the rest of the system.
Well, yes, I can read that. Just not sure why this update would not be included in the installer.
#27
25.7, 25.10 Series / Re: unbound logger file increa...
Last post by Patrick M. Hausen - November 30, 2025, 07:53:59 PMNo idea - I mean, that's just the memory size of the process you are showing, not a file.
#28
25.7, 25.10 Series / Re: unbound logger file increa...
Last post by aperezva - November 30, 2025, 06:55:11 PMAny idea why?. Can I activate logs?. Its not normal 2 GB of oncrease in 5 minutes?. Right?
#29
General Discussion / Re: Trouble with VLAN setup on...
Last post by User074357 - November 30, 2025, 06:47:06 PMQuote from: Patrick M. Hausen on November 30, 2025, 12:55:44 AMYou are aware that value is editable?I was not aware. Good to know!
#30
25.7, 25.10 Series / Re: "The release type "opnsens...
Last post by Patrick M. Hausen - November 30, 2025, 06:41:45 PMThe system needed to upgrade the pkg tool first before it could use that to upgrade the rest of the system.
