Recent posts

#81
Development and Code Review / Re: Delete one firewall rule o...
Last post by Monviech (Cedrik) - December 03, 2025, 11:18:00 AM
I have never heard of this behavior before; it is quite strange. Are you confident it is a bug and can be reproduced?

If yes, can you open a GitHub ticket and also share the config.xml file that you used?

Or more specifically, /a/ config.xml file it can be reproduced with; it does not have to be a production one after all.
#82
25.7, 25.10 Series / Re: Suricata IPS Mode
Last post by turipriv - December 03, 2025, 11:10:11 AM
Did you take a look at this topic?

https://forum.opnsense.org/index.php?topic=9741.0
#83
25.7, 25.10 Series / [SOLVED] Feature Request: DNS-...
Last post by Zwiebelhacker - December 03, 2025, 10:49:59 AM
Hi everyone,

I'm not sure if this is the right place for feature requests, but I'd like to ask for DNS-01 validation support in the ACME functionality of the OPNWAF Plugin in the Business Edition.

Right now, I can only find HTTP-01 validation in the Business ACME integration. Maybe I overlooked something, but DNS-01 support doesn't seem to be available.

Since the ACME plugin in the Community Edition already supports DNS-01, it would be extremely helpful to have the same capability in the Business Edition. Especially for environments where HTTP validation isn't possible (internal services, restricted firewalls, wildcard certificates, etc.).

Thanks, and apologies if this post should be placed elsewhere!
#84
General Discussion / Re: Where should I put the mai...
Last post by Patrick M. Hausen - December 03, 2025, 10:28:09 AM
Specifically given that you need explicit rules for the most basic network communications between the clients on one side of the bridge and the router on the other one. ARP, NDP, DHCP, SLAAC, ...

Unless of course you just "allow any any" - but then, what's the point?
#85
General Discussion / Monit when WAN link is dropped
Last post by Albertk - December 03, 2025, 10:27:02 AM
Hi,

Is there an example of executing a script when the WAN link is down?

Thank you.
#86
25.7, 25.10 Series / Re: 25.7.8 Unbound blocklist s...
Last post by meyergru - December 03, 2025, 10:26:16 AM
...or else they'll fix that problem! ;-)
#87
General Discussion / Re: Where should I put the mai...
Last post by meyergru - December 03, 2025, 10:25:01 AM
Is that possible with a transparent bridge setup? I frankly do not know...

And BTW: Does Home Network Guy not specifically cover that basic question, which should come up all the time with such setups, I imagine?
Oh, yes, he does. By creating a MGMT interface and bridging that to WAN. How elegant and intuitive.

I still do not get how people think that a transparent bridge would be easier than a routed setup.
#88
General Discussion / Re: Access HTTPs and SSH from ...
Last post by Albertk - December 03, 2025, 10:24:14 AM
Quote from: Patrick M. Hausen on December 03, 2025, 09:49:56 AM
Is the host "on the Internet" from which you are testing actually connected to the same network as the WAN interface of OPNsense? I.e. is there an Ethernet instead of a point to point connection between OPNsense and the uplink router? And you are testing from that network?

In that case: Firewall > Settings > Advanced > Disable reply-to.

That fixed it. Thanks.
#89
Development and Code Review / Re: Delete one firewall rule o...
Last post by patient0 - December 03, 2025, 10:23:12 AM
Quote from: Monviech (Cedrik) on December 03, 2025, 10:11:30 AM
Do you already have "Destination NAT" instead of "Port Forward" under NAT?
No, it is still called 'Port Forward', of which I have two + an Outbound NAT for IPv6.

Addition: Deleting one of the port forward rules makes them all (two) disappear. In that use case there is again a <rule>...</rule> added. <rule> after </outbound> and </rule> before </nat>. Removing them resolves it.
#90
25.7, 25.10 Series / Re: 25.7.8 Unbound blocklist s...
Last post by Monviech (Cedrik) - December 03, 2025, 10:13:37 AM
Better do not call them and do not wake sleeping dogs. :)