Recent posts

#81
General Discussion / Re: Port OPNsense to Linux?
Last post by Patrick M. Hausen - March 30, 2026, 10:43:45 PM
Quote from: Schroinx on March 30, 2026, 10:31:56 PM
@Patrick
Can the functions be added to Linux's kernel, and would it make sense, if someone was to convince Linus about the importance of it?


No, definitely not. Linux suffers greatly from NIH (not invented here) syndrome, and while in BSD land (specifically FreeBSD) not everything is perfect - far from it, there is historic evidence that Linux in general and Linus in particular refused again and again to import working concepts and software for taste/political reasons more than technological ones.

E.g. netgraph, dtrace, ZFS, ...

ZFS is the only thing where I can relate to Linus. He more or less stated: "Unless I have a written statement by Larry Ellison (read: Oracle's legal department) that it's ok, I won't integrate ZFS into the Linux kernel for copyright reasons." Understandably so.

The barrier to get pf into the Linux kernel is huge - just forget it.

Linux has a working kernel firewall (or two or whatever - what do I know?) and that's what a Linux based firewall has got to use.

HTH,
Patrick
#82
Development and Code Review / Re: UniFi Gateway emulator
Last post by nero355 - March 30, 2026, 10:40:47 PM
Why do you want the USG in your UniFi Controller while all USG models are declared EOL officially and should be avoided since about 1 year ago?!

I have replaced mine with OPNsense and I don't really miss it to be honest :)



But then again pfSense/OPNsense or the USG or simply use my xDSL Modem/Router from DrayTek with GlassFiber too was something I considered a long time ago anyway so you could say I am a bit biased...
#83
General Discussion / Re: Port OPNsense to Linux?
Last post by Patrick M. Hausen - March 30, 2026, 10:36:07 PM
It's not exactly a one VLAN limit but a four zones total limit as I found out. For whatever reasons. Seems silly.

But surely improving on that project to allow an arbitrary number of zones will be easier than "porting" OPNsense. What would the latter even mean? You can port parts of the UI but definitely not the rules and NAT sections because all of this works completely differently (I am repeating myself ;-). So better focus on a Linux based product to begin with or create a new one. That's essentially my only point.
#84
General Discussion / Re: Port OPNsense to Linux?
Last post by nero355 - March 30, 2026, 10:32:10 PM
Quote from: pfry on March 30, 2026, 10:20:17 PM
Heh: Did they ever fix their one-VLAN limitation?
When I see all of this: https://www.ipfire.org/about

It sounds like a Licensing thing that you are talking about and not a limitation inside the underlying Linux distro??

Also I know people who simply grabbed a Minimal Debian install and built their own DIY Router on top of that with IPTables/NFTables and some SystemD Networking Services ;)
#85
General Discussion / Re: Port OPNsense to Linux?
Last post by MrWizard - March 30, 2026, 10:31:56 PM
Since Apple is not contributing much to BSD, then most of the lifting has to be done by volunteers, but as Linux is more widely used, that's likely also where many go to help out.


@Patrick

Can the functions be added to Linux's kernel, and would it make sense, if someone was to convince Linus about the importance of it?
#86
General Discussion / Re: Port OPNsense to Linux?
Last post by pfry - March 30, 2026, 10:20:17 PM
Quote from: Patrick M. Hausen on March 30, 2026, 08:47:27 PM
Again: why not simply use an existing Linux based firewall product like IPfire?[...]

Heh: Did they ever fix their one-VLAN limitation?

It's too bad Vyatta was sold so many times. A victim of endless management musical chairs. DANOS was kind of interesting. I imagine Ciena will dump it if AT&T and IBM stop paying for it.
#87
26.1 Series / Re: New IPv6 address assignmen...
Last post by meyergru - March 30, 2026, 10:14:55 PM
It does not do that per default. Identity association is the new version of the former "Track Interface". Thus, it depends on how many bits you have in your parent interface's prefix delegation size. AFAIK, you need a shorter than /64 prefix in order to be able to supply a full /64 prefix to any interface.

Maybe your ISP does not give you a /56 (which is pretty much the default) or you did not request as much on your WAN. How many bits is your IA_PD prefix?

Perhaps you should take a look at the official docs: https://docs.opnsense.org/manual/ipv6.html

Or my IPv6 guide (which is still based on track interface): https://forum.opnsense.org/index.php?topic=45822.0
#88
26.1 Series / Re: Protectli FW6E cannot get ...
Last post by CyberTend - March 30, 2026, 10:14:42 PM
WooHOO, thanks so much, disabling VGA console and USB based serial ports did the trick.

#89
Tutorials and FAQs / Re: HOWTO - Redirect all DNS R...
Last post by yourfriendarmando - March 30, 2026, 09:50:46 PM
I just block outgoing access to port 853. I have it in an alias full of ports clients have no business accessing.
The alias is used in a Floating rule to block local nets from accessing ports to !local nets
#90
Hardware and Performance / Re: Throughput on WAN took a n...
Last post by meyergru - March 30, 2026, 09:28:38 PM
I know. I edited in parallel and now augmented my post.