Recent posts

#91
26.1 Series / Re: Suricata - Divert (IPS)
Last post by xpendable - February 01, 2026, 03:53:42 PM
Quote from: Arien on February 01, 2026, 10:32:57 AM
So, if this mode may be associated with a specific PF rule, how can I inspect normal browsing traffic (HTTP/DNS/FTP)?
I mean, in IPS/IDS mode I can just test Suricata with "curl http://testmynids.org/uid/index.html" and I see the alert, but this won't happen in Divert mode.

So what I've done now is a more targeted approach I would say and have only added the Divert-to Intrusion Detection on my existing rules. I added it to my VPN rule for the WAN interface that exposes that port and I enabled it on the LAN default allow to any rule. Putting it on the default LAN out rule doesn't hurt, but the benefit may vary I suppose depending on your use case.

I would imagine if you added/enabled Divert-to Intrusion Detection on the "Default allow LAN to any rule", that would probably catch those tests. If you want to catch that traffic coming in on the WAN (as in initiated from the internet) and you have existing rules for those open ports, then you would add/enable Divert-to Intrusion Detection on those rules. However if you don't have existing rules for open ports, I would suggest to NOT create rules for that purpose.

I hope I didn't cause too much confusion from my earlier lack of understanding on how this new mode really worked.
#92
26.1 Series / Re: Nextcloud Backup creates m...
Last post by muchacha_grande - February 01, 2026, 03:28:15 PM
Ok... thank you

I've closed the request.
#93
German - Deutsch / Re: OPNsense hinter einer DS-l...
Last post by Patrick M. Hausen - February 01, 2026, 03:24:46 PM
In my opinion, you would simply make your services available over IPv6 only. Beyond that I don't know either, I have a decent provider 😉
#94
26.1 Series / Re: Nextcloud Backup creates m...
Last post by franco - February 01, 2026, 03:23:43 PM
There will be no flip-flopping. If you want you can install the plugin from the stable/25.7 branch and lock the package.


Cheers,
Franco
#95
26.1 Series / Re: Nextcloud Backup creates m...
Last post by muchacha_grande - February 01, 2026, 03:22:00 PM
I have opened a feature request to have an option that allows the user to opt for the previous behavior.

The problem with backing up the conf/backup directory is that when using the nginx plugin, it uses the configuration to maintain the list of banned IPs, and this changes the config many times per day, generating a huge amount of files.

I don't need to back up every one of these configs. So having the chance to use the original method would be useful in my case.
#96
26.1 Series / Re: Anti-Lockout Rule (Destina...
Last post by RamSense - February 01, 2026, 02:55:20 PM
I've tried the OPNsense web GUI and it is reachable. It was always disabled for WAN. In OPNsense I had, and still have, System -> Settings: Listen Interfaces ALL (recommended).
Looks like I have to change this to LAN and Wireguard only(?) although it is not recommended?
Can you reproduce?

I have not made any rules for the OPNsense GUI to be reachable on WAN.

I'm on OPNsense 26.1_4-amd64
and migrated to the rules (new) and deleted the old rules.

#97
German - Deutsch / Re: OPNsense hinter einer DS-l...
Last post by W0nderW0lf - February 01, 2026, 02:43:14 PM
Ages ago I had also set up IPv6 via OPNsense, but banished it again for some reason.
So I could certainly set it up again, but what else would I need?
Would I basically just have to switch my DynDNS to v6, or would I also need this AFTR or the DS-Lite interface?
#98
26.1 Series / Re: Anti-Lockout Rule (Destina...
Last post by meyergru - February 01, 2026, 02:38:37 PM
How would that work? The anti-lockout rules are for the LAN interface as source only. Did you actually see those two ports open from the WAN side?
#99
German - Deutsch / Re: ACME Plugin DNS-01 Challan...
Last post by ChrisChros - February 01, 2026, 02:35:41 PM
Unfortunately, I couldn't get it working with the ddnss.de service. I have now got it set up with IPv64.net.
#100
Hardware and Performance / Re: Starting homelab network -...
Last post by TheRealDoug - February 01, 2026, 02:33:39 PM
I am running the VP2430 as my main router with 8G of RAM and multiple VLANs. I use the default LAN for my house stuff (wife's computer and all wireless); then I use port 3 run directly to my office with two VLANs. A VLAN for my main stuff (work computer, personal workstation, and my NAS), then another VLAN that runs to a VP6650 running a virtual OPNsense and all of my home services (*ARR, Plex, etc) and my actual lab (4 DMZ networks that are 100% virtual).

I have had zero performance issues from the VP2430.  System runs around 0.16 load average and around 1G system memory usage and about 2G for ARC.

I went with the all in one solution (Protectli) lab network to be stable, and my network lab to be easily rebuildable (virtualized).