OPNsense 23.7

BSD distribution

Nate Drake has the good sense to try out OPNsense, a powerful firewall distro based (in a roundabout fashion) on FreeBSD.

OPNsense is one of the most popular specialist operating systems designed specifically for firewalls and routers. It boasts a proud ancestry, given that the OS is a fork of pfSense, which itself is a fork of the now (sadly) defunct m0n0wall, built on the FreeBSD operating system.

We’ve delved into OPNsense’s lineage because FreeBSD places a strong emphasis on security, with features such as ACLs (access control lists), MAC (mandatory access control) and support for OpenSSH. Like FreeBSD, OPNsense also has an integrated mechanism to handle automatic updates.

Unlike FreeBSD, which can be run on virtually any chipset known to man, the only official build for OPNsense is for x86_64. This is balanced by an easy installer, available in the traditional ISO format, as well as VGA, serial and nano images for USB sticks. Our installer was just 413MB, expanding to a 1.6GB ISO.

Guess the password

On first launch, you can choose to run in live mode as root or as installer. This is where we hit our first issue, as we were encouraged to use the default password, without any mention of what it is. Luckily, OPNsense’s extensive online documentation came to the rescue, revealing the password to be opnsense.

After this, it was a simple matter of choosing a keymap, install configuration and hard disk, before setup was underway. Once complete, just navigate to 192.168.1.1 to interact with your shiny new firewall.

We say “firewall” but OPNsense is capable of much more than blocking traffic. Inline intrusion prevention is provided courtesy of Suricata and Proofpoint’s Emerging Threats open rules, which are built in to the OS. Its web proxy offers access control and support for external blacklists to filter unwanted traffic. Other options include firewall aliases and DNS blacklisting.

OPNsense also integrates support for OpenVPN, as well as WireGuard. Two-factor authentication (2FA) can be used to log in to user-created VPNs, as well as to the user interface itself.

You can expand the OS’s capabilities even further via plugins such as ZenArmor, which has a built-in threat intelligence s