OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.
OPNsense started as a fork of pfSense® and m0n0wall in 2014, with its first official release in January 2015. The project has evolved very quickly while still retaining familiar aspects of both m0n0wall and pfSense. A strong focus on security and code quality drives the development of the project.
OPNsense offers weekly security updates with small increments to react on new emerging threats within in a fashionable time. A fixed release cycle of 2 major releases each year offers businesses the opportunity to plan upgrades ahead. For each major release a roadmap is put in place to guide development and set out clear goals.
Feature
- Dashboard
OPNsense offers a dashboard feature to quickly check the status of your OPNsense Firewall.Shown is the latest version with drag and drop multi collumn support.- Modern User Interface
- Stateful Firewall
- Aliases & GeoLite Country Database
- Traffic Shaper
- Two-factor authentication
Supported 2FA services include:
- OPNsense Graphical User Interface
- Captive Portal
- Virtual Private Networking – OpenVPN & IPsec
- Caching Proxy
- OPNsense Captive Portal
- Captive Portal
- Virtual Private Network – IPsec & OpenVPN GUI
- High Availability / Hardware Failover (CARP)
- Caching Proxy
- Intrusion Detection & Prevention
- Integrated support for ET Open rules.
- Integrated SSL Blacklist (SSLBL)
- Intergrated Feodo Tracker
- SSL Finger Printing
- Backup & Restore
- Reporting & Monitoring
- Firmware & Plugins
- Free Up-to-Date Online Manual
Changelog OPNsense 22.1.8
Here are the full patch notes:
o system: only restore missing or zero size ACL files
o system: support plugin device reconfiguration in pluginctl utility
o system: prevent gateway monitoring from entering a “filter reload” loop
o system: use password_verify() in authenticators (contributed by oittaa)
o system: hide password from command line during config encryption
o interfaces: add technical interface ID display to assignments page
o firewall: various usability and visibility improvements for aliases
o firewall: performance improvement for large numbers of port type aliases
o firewall: simplify sort and add natural sorting in alias diagnostics
o captive portal: add extendedPreAuthData for MAC address retrieval during authentication
o dhcp: refactor IPv4 lease removal and purge static leases before starting service
o dhcp: allow custom configuration from directories
o firmware: bypass cache with timestamp in “upgradestatus” call (contributed by gibwar)
o firmware: lowercase search in plugins/packages
o intrusion detection: fix log file ACL mismatch
o ipsec: squelch spurious errors on stderr for backend status action
o unbound: add custom “destination address” as advanced option for blocklists
o mvc: distinct between HTTP errors 401 and 403 during authentication
o mvc: call microtime(true) only once during config save (contributed by csbyte)
o plugins: os-acme-client 3.11[1]
o plugins: os-nginx 1.27[2]
o plugins: os-postfix 1.22[3]
o src: tcp: rewind erroneous RTO only while performing RTO retransmissions
o src: bnxt: Allow bnxt interfaces to use VLANs
o src: rc: use _pidcmd to determine pid for protect
o ports: curl 7.83.1[4]
o ports: sqlite 3.38.2[5]
o ports: strongswan 5.9.6[6]
