Recent posts

#91

25.7, 25.10 Series / Re: Unbound to forward .home d...

Last post by nero355 - January 07, 2026, 12:14:04 AM

but now we have .internal as well (used in OPNsense documentation e.g. Dnsmasq examples).

I believe it was introduced as a solution for all those people using .local while they shouldn't because of mDNS conflicts and breaking a lot of stuff...

So far I have not seen any conflicts or weird issues when using thuis.lan so if your German for example you could use zuhause.lan or something like that : It's basically home.lan but since the home part is tricky I would maybe use athome.lan if you are English/American :)

#92

25.7, 25.10 Series / Re: Looking ahead at Firewall-...

Last post by OPNenthu - January 07, 2026, 12:12:47 AM

Are there additional elements to the "Automation" UI?

26.1 would be my first time using it so I'm not familiar enough to say if anything significant has been added, however there at least was some polishing done: https://github.com/opnsense/core/issues/9145.

Looks like a mix of UI tweaks and fixes.  Honestly haven't gone through it in depth but the description sounds like @Monviech is at least happy with where it's at.

As long as I'm not losing any functionality I might give it a try.  I'm tempted by the new categorization/filtering options in the UI.  There are only a few advanced things that I use currently from the traditional rules: gateway (for VPN), tagging/matching (also for VPN), and I have one odd rule that uses "allow IP options" (IGMP).  I think those are all there in Automation, too.

I have a rather complicated F/W groups setup though and will be interesting to see how that translates.

#93

25.7, 25.10 Series / Re: static IP configured on ho...

Last post by nero355 - January 07, 2026, 12:08:28 AM

do I need to specify every host in overrides?
on top of localdomain, I have also some hosts, that I call with domain: "myhome" (i.e. books.myhome, movies.myhome)
I have an override:

all from *.myhome -> nginix.localdomain

and on that nginix proxy I have proper redirects i.e. books.myhome -> http://192.168.10.31:8081
etc

but now you say I shall put as many lines in overrides as many hosts with static IP set by host?
that will be double work, right?
If I get it correctly, then it might be easier to set static IPs on the opnsense instead...

I think you figured it our yourself already :)

And IMHO there is nothing wrong with such a setup : I do something similar for all the hosts/clients on my network so I can reach them by both IP address and domain address.

If the container/VM/whatever does not get its IP address from DHCP, OPNsense simply does not know about it.

that was actually my thinking as well - how the heck would DNS know what my name/domain is, if I never asked network for IP... ;)

In case you are using Pi-Hole and know how to script/dev stuff you could build something based on the data shown @ https://<ip_address>/admin/network where basically each Client of your DNS Server (FTLDNS) is shown with both it's MAC and IP address and when the first and last activitiy of that Client was ;)

#94

25.7, 25.10 Series / Re: [Small Feature Request] Mo...

Last post by nero355 - January 06, 2026, 11:57:14 PM

My two cents are that this is not going to happen

TBH : I totally forgot that ISC will be EOL eventually when I created this topic.

But it's weird that no one has ever requested this apparently...

and you should switch to either DNSmasq or Kea either way.

When the OPNsense Team decides we all should/must switch eventually then I will switch too ofcourse! ;)

If a feature is not exposed or you want to change something on the GUI of those two, open a GitHub ticket.

I will remember to do so in the future.

#95

25.7, 25.10 Series / Re: Looking ahead at Firewall-...

Last post by pfry - January 06, 2026, 11:31:48 PM

[...]Question: if I want to migrate my rules to the new UI as an early adopter (and I'm not interested in using APIs), is the recommended approach to just start over with a fresh install?[...]

Are there additional elements to the "Automation" UI? All of my rules are in there (all applied to bridges, if that matters); the stats seem to work; the only command available is "Lookup Rule", which switches to the traditional edit page for the rule.

#96

General Discussion / Re: Adding a VLAN to a transpa...

Last post by Patrick M. Hausen - January 06, 2026, 11:26:33 PM

What would be the purpose of a transparent bridge with an additional interface connected and assigned an IP from the bridged subnet?

As far as I understand most people deploying the transparent filtering bridge use a dedicated management interface. Connected to the "inside" of the filtering bridge by the switch in the setup. That interface is used for OPNsense's Internet uplink (besides UI access, obviously) and the bridge is strictly for filtering without changing the ISP router topology, DHCP server and the like.

#97

25.7, 25.10 Series / Re: Updating URL table Alias l...

Last post by pfry - January 06, 2026, 11:21:52 PM

I'm missing how this is different from the refresh interval. Or are you just looking to vary the timing a bit? (Boredom?)

#98

Hardware and Performance / Re: [solved] Intel i226 Firmwa...

Last post by BrandyWine - January 06, 2026, 11:21:32 PM

@bbin,
Try this zip for v1.94. I think I got this out of an Intel bundle from back in Sept2025.
https://tinyurl.com/i225fw194

Unfortunately, using the bin from this zip with the bsd util doesn't always work that way, bin's can be compiled for use with specific flash utils, so you may need to boot into windoze and flash it from there. But I don't have any 225's so I am not sure if this specific v1.94 is the one for your 225.

#99

General Discussion / Re: Adding a VLAN to a transpa...

Last post by pfry - January 06, 2026, 11:16:29 PM

[...]Yet I wonder if in the case of a transparent filtering bridge[...]

What would be the purpose of a transparent bridge with an additional interface connected and assigned an IP from the bridged subnet? That's just a non-transparent bridge with extra steps. It may be doable, and, of course, it's up to the individual, but offhand I'd expect it to be a bit loopy. Could be an interesting experiment for our guinea pig, I suppose.

#100

General Discussion / Re: Adding a VLAN to a transpa...

Last post by Patrick M. Hausen - January 06, 2026, 10:50:11 PM

@pfry this is all true and dandy for a LAN bridge or any bridge intended to turn 2 or more interfaces into a "switch". Specifically the part about the IP addresses not being assigned to any bridge members. In FreeBSD this is explicitly forbidden.

Yet I wonder if in the case of a transparent filtering bridge you can do the same of if you necessarily need another dedicated management interface. Of course that would be easiest for the OP.

- have a transparent filtering bridge without any IP address, not on the bridge, not on the members
- have a dedicated management interface in the network managed by the ISP router with an IP address and a default gateway
- NAT outbound on that interface for your new VLAN

Again: untested but that looks like the cleanest way to implement this to me. Your switch (which I assume you have when running a transparent bridge setup) can take care of all the separation into VLANs.