Changes

PFSense and OPNsense

2,483 bytes added, 4 February
/* Troubleshooting */
The following lines were added (+) and removed (-):
OPNSense Documentation* https://docs.opnsense.org/:* [[https://docs.opnsense.org/manual/install.html installation]](1) via dns:(1) '''DNSBL''' via dns:''* Note: You have just blocked a web address or IP address and you notice a network client still has access.  There is probably an active state established in the state pool and therefore the client continues to use a blocked site.  In pfSense versioin 21.0.x goto DIAGNOSTICS -> STATES and either remove the specific active state or "Reset States" which will reset all client connections on the lan.''  === Using pfBlockerNG ===Differences between '''IPBL''' and '''DNSBL''' with the pfBlockerNG plugin*DNSBL uses Unbound (DNS Resolver) to block network clients from accessing specified domains*IPBL creates firewall rules to block network clients from accessing IPs and to keep those IPs from accessing the network. DSNBL only has Unbound or Disabled, IPBL has a variety of actions, Denying inbound, outbound, both or simply matching and logging the traffic. IPBL has as many modes of enforcement of a firewall rule because it uses firewall rules to block traffic, where DNSBL simply uses the DNS resolver to send the client a different answer.Per HOST or Per USER note:  pfBlockerNG is not the best way to providing filtering while exempting specific hosts on the network.  
Although possible, it is problematic and difficult to configure.== Troubleshooting ===== The following CA/Certificate entries are expiring ===Beginning with 2.5.0 pfSense also allows you to renew the certificate in the web GUI in System > Certificate Manager > Certificates.* Certificates are managed from System > Cert Manager, on the Certificates tabUsing pfSense as a Certificate Authority for your network:  For network Chain of Trust.=== Force a DHCP lease to expire without impacting all other client leases ===If you give a static lease assignment after a client already has a dynamic lease, and you wish to trigger that client workstation or device to stop using the old dynamic IP from the previous lease and start using the new IP that was static mapped for it, without having physical access to the client device... here is what you do:# In the GUI, go to Diagnostics/Edit File and load /var/dhcpd/var/db/dhcpd.leases~# Do the same for /var/dhcpd/var/db/dhcpd.leases# goto Services -> DHCP Server and RESTART the DHCP server service.== Related ==* [[Classful Networks and CIDR Routing]]* [[Facebook Filtering With a SOHO Firewall]]
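Review bot: In the added "Force a DHCP lease to expire without impacting all other client leases" steps, items 1 and 2 say to load /var/dhcpd/var/db/dhcpd.leases~ and /var/dhcpd/var/db/dhcpd.leases in Diagnostics/Edit File but never say what to change in them or that the file has to be saved, so the procedure cannot be followed as written; state the edit to make before the step that restarts the DHCP server service. In the pfBlockerNG text, "versioin" and "DSNBL" are typos for "version" and "DNSBL", and "goto" should be "go to" in both places it appears. The certificate lines name the same menu two ways ("System > Certificate Manager > Certificates" and "System > Cert Manager, on the Certificates tab"); pick one so readers can match it to the GUI.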