26.1 is out!!!

[franco]

No worries. The upgrade path is live now.  :)


Cheers,
Franco

[pavlon1988]

Just upgraded from 25.11 to 26.1 via the web-gui on a VM in Proxmox without any problems! :))

[donks]

Appears to be a bug when trying to create a rule in the new FW GUI that uses the q-feed blocklist alias.
I installed the Q-feed plugin as per the documentation and confirmed the API key is working and downloads the IP and DNS feed.
The alias is also populated with 200K odd entries.

The error when trying to save the rule is "__qfeeds_malware_ip is not a valid source IP address or alias"

When I create the rule using the old FW GUI, the rule is created without any issues.

[Monviech (Cedrik)]

Hello donks,

I just tried it out, I'm using qfeeds since a while with the new firewall rules GUI. For me on the current 26.1 release I can add and remove rules using the alias.

Are there any additional steps to reproduce?

[donks]

Hello donks,

I just tried it out, I'm using qfeeds since a while with the new firewall rules GUI. For me on the current 26.1 release I can add and remove rules using the alias.

Are there any additional steps to reproduce?

Okay interesting. I tried to create a rule on the WAN and LAN interface but both failed.  Perhaps I'll reboot my device and try again tomorrow.

[Monviech (Cedrik)]

Just to be sure I also tried it on my LAN interface too, I could also create the rule.

Maybe a reboot will help, but if it's a persistent issue then to post here, the qfeeds maintainer will see and test as well I suppose:

https://forum.opnsense.org/index.php?board=49.0

[julsssark]

Thank you to the awesome OPNSense team for another "boring" update. Updated to 26.1 without problem (boring). Removed unused ISC plugin and no longer see those legacy entries under Services (boring). Migrated to new rules interface without incident (boring). Love the new update! My pre-update snapshot will get deleted soon. Yawn :)

[sc00by1984]

Migrated to new rules interface without incident

i receive the following message when i try to import the rules to the new interface:

Code Select Expand

[interface] Option [enc0] not in list.In the interfaces overview i can see "enc0" but i can't do anything. It's a virtual machine running on Proxmox.

[amw-tue]

Appears to be a bug when trying to create a rule in the new FW GUI that uses the q-feed blocklist alias.
I installed the Q-feed plugin as per the documentation and confirmed the API key is working and downloads the IP and DNS feed.
The alias is also populated with 200K odd entries.

The error when trying to save the rule is "__qfeeds_malware_ip is not a valid source IP address or alias"

When I create the rule using the old FW GUI, the rule is created without any issues.

I experienced the same problem as donks described. Before that, I migrated the old rules to the new ones (via migration assistant and according to the process described there).
Later on that day I tried to setup q-feeds as written in their setup guide for opnsense.
I can confirm that it works in the old fw rules section, but not in the new one. As workaround I created this as an old rule and imported it within the new rules section.

Cheers, Mario

[OPNenthu]

Could someone with a Linux client that uses bridge interfaces try to reproduce this? 

I changed my switch port to get LAN access in order to perform rule migration in 26.1 and I noticed that my desktop client's bridge did not get a DHCP address on LAN (192.168.1.0/24).  The client was stuck with the IP address it had from the client network (172.21.30.0/24).

I also got SLAAC addresses on both networks with two active prefixes, which remained the case even when I switched the port back.  Not sure if that's expected but IIRC the interface would drop the prefix when switching ports.  At least that's how my laptop works, which is a raw interface with no bridge.

Code Select Expand

5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 24:xx:xx:xx:xx:cd brd ff:ff:ff:ff:ff:ff
    inet 172.21.30.100/24 brd 172.21.30.255 scope global dynamic noprefixroute br0
      valid_lft 69258sec preferred_lft 69258sec
    inet6 2601:xx:xxxx:3163:734f:7d77:3ab1:944b/64 scope global temporary dynamic
      valid_lft 86355sec preferred_lft 80370sec
    inet6 2601:xx:xxxx:3163:xxxx:xxx:xxxx:c3d/64 scope global dynamic mngtmpaddr noprefixroute
      valid_lft 86355sec preferred_lft 86355sec
    inet6 2601:xx:xxxx:3161:9bb7:5d29:2077:1560/64 scope global temporary dynamic
      valid_lft 81515sec preferred_lft 80370sec
    inet6 2601:xx:xxxx:3161:xxxx:xxxx:xxxx:30/64 scope global dynamic mngtmpaddr noprefixroute
      valid_lft 81515sec preferred_lft 81515sec
    inet6 fe80::xxxx:xxxx:xxxx:fb89/64 scope link noprefixroute

My setup is Dnsmasq for DHCP and RAs and I have "Identity Association" set on the interfaces.

This could be something that happened on my end only, but I'm not sure.  I don't think I've seen this before.

[donks]

Just to be sure I also tried it on my LAN interface too, I could also create the rule.

Maybe a reboot will help, but if it's a persistent issue then to post here, the qfeeds maintainer will see and test as well I suppose:

https://forum.opnsense.org/index.php?board=49.0

A reboot fixed my issue. I can now create the q-feed rules in the new FW GUI.