OPNSense
opnsense.org Hardware
Enterprise firewall and router for protecting networks, built on the FreeBSD system.
- Homepage: opnsense.org
- GitHub: github.com/opnsense/core
- Web info: web-check.xyz/check/opnsense.org
OPNSense Source Code
Author
Description
OPNsense GUI, API and systems backend
Homepage
https://opnsense.org/License
BSD-2-Clause
Created
13 Dec 14
Last Updated
18 Jun 26
Latest version
Primary Language
PHP
Size
101,035 KB
Stars
4,486
Forks
956
Watchers
4,486
Language Usage
Star History
Top Contributors
-
@fichtner (9701)
-
@AdSchellevis (7637)
-
@swhite2 (691)
-
@Monviech (371)
-
@jschellevis (186)
-
@dotike (171)
-
@kulikov-a (141)
-
@MichaelDeciso (72)
-
@taguchi-ch (56)
-
@fabianfrz (53)
-
@NOYB (49)
-
@8191 (46)
-
@mimugmail (42)
-
@fraenki (28)
-
@sopex (27)
-
@maurice-w (26)
-
@pv2b (23)
-
@peppelinux (14)
-
@vnxme (13)
-
@opnsenseuser (13)
-
@gitdevmod (12)
-
@agh1467 (11)
-
@Greelan (10)
-
@nhirokinet (10)
-
@jsoref (9)
-
@TomWalraven (9)
-
@fredronnv (9)
-
@evbevz (8)
-
@phpb-com (8)
-
@ypid (8)
-
@jfayre (8)
-
@cbasolutions (7)
-
@ljm42 (7)
-
@Northguy (7)
-
@gwjo (6)
-
@mmorev (6)
-
@Stephanowicz (6)
-
@chrisch1974 (6)
-
@djGrrr (6)
-
@doktornotor (6)
-
@soif (6)
-
@johnaheadley (5)
-
@lin-xianming (5)
-
@williamdes (5)
-
@pmhausen (5)
-
@dharrigan (5)
-
@kumy (4)
-
@bensmithurst (4)
-
@cbrueffer (4)
-
@n-thumann (3)
-
@tangrs (3)
-
@tobiasdegen (3)
-
@0nnyx (3)
-
@noctarius (3)
-
@eljeffeg (3)
-
@Xeroxxx (3)
-
@stilez (3)
-
@noname12123 (3)
-
@oittaa (3)
-
@tomcheung789 (3)
-
@EugenMayer (3)
-
@GMazzocato (3)
-
@g-a-c (3)
-
@skazi0 (3)
-
@reitermarkus (3)
-
@smopucilowski (3)
-
@jdeluyck (3)
-
@jakobsen-lrz (3)
-
@tbandixen (3)
-
@framer99 (3)
-
@MaxOrelus (2)
-
@pksadiq (2)
-
@namezero111111 (2)
-
@xbb (2)
-
@planetf1 (2)
-
@oliverjueguen (2)
-
@ppmathis (2)
-
@Qhilm (2)
-
@Roy-Orbison (2)
-
@ServiusHack (2)
-
@thomasjsn (2)
-
@Tikimotel (2)
-
@trunet (2)
-
@brotherla (2)
-
@cs-1 (2)
-
@haxorton (2)
-
@kuya1284 (2)
-
@ndejong (2)
-
@mikahe (2)
-
@ngreatorex (2)
-
@juliocbc (2)
-
@computeralex92 (2)
-
@agoodkind (2)
-
@criadoperez (2)
-
@alexpro (2)
-
@AndyX90 (2)
-
@BPplays (2)
-
@terminar (2)
-
@fvanroie (2)
-
@chrko (2)
Recent Commits
-
Firewall: Rules: Remove safepoint actions (#10411) * Remove safepoint actions, no callers should be left * Remove rollback_cancel.php and rollback_timer.php and their configd actions
-
mvc: also do not translate empty labels in grids #10369
-
ui: add generic escaping function
-
system: curl_close() is deprecated This has been a no-op since 8.0.0, but deprecated since 8.5.0.
-
system: tweak text color on previous
-
system: change the services widget to a flat tile layout Make the names of the services shown a bit shorter. The colors are debatable but they are matchin what alerts are using in bootstrap.
-
system: deriving $_SERVER['argv'] from the query string is deprecated Only used by Nginx plugin and probably able to simplify there. It's a bit strange in this case. Allegedly the variable has no effect on CLI applications.
-
routing: fix HTTP 500 when deleting a non-existent gateway (#10429) delGatewayAction() dereferenced the result of getNodeByReference() without a null check, so an unknown uuid reached "(string)$gateway->name" on null and raised an error, which the API renders as HTTP 500 ("Unexpected error, check log for details"). Guard the lookup and return the already-initialised {"result":"failed"} instead, matching the inherited del* verbs and the adjacent toggleGatewayAction(), which already null-check getNodeByReference().
-
interfaces: missed in previous
-
firewall: chr(): providing a value not in-between 0 and 255 is deprecated
-
tests: Method ReflectionMethod::setAccessible() is deprecated since 8.5
-
mvc: DescriptionField: disable special and newline characters This is only cosmetic and since the description is only used as a label and not a note block this is fine (and could be overwridden by the model if needed).
-
Vezpi (17 Jun 26)
system: fix ACL pattern for carp_status action (#10428)
-
mvc: use camelCase for carp_status action related to #10428
-
Interfaces/DHCP - Further tighten security for https://github.com/opnsense/core/security/advisories/GHSA-5rx3-w735-74wm As advanced fields should always require high level access, we should prevent accidental mistakes from administrators allowing non-admins from changing these items. In the long run, we likely want to drop these options, but that requires at least bringing back some common options which we are able to validate properly.
-
system: webgui templating more pretty
-
src: non-canonical cast (double) is deprecated
-
system: non-canonical cast (binary) is deprecated May need to revisit this again, but for now PHP suggests that (string) is equivalent to (binary) although the code reads strange.
-
firewall: using null as an array offset is deprecated
-
contrib: another implicit null
-
src: implicitly marking parameter $chown as nullable is deprecated
-
Firewall: fix 500 (TypeError) on alias getItem with unknown UUID (#10417)
-
firewall: allow WAN as "associated interface" for NPTv6 #10413
-
lujiefsi (15 Jun 26)
firewall: escape shaper targets in rule edit PR: GHSA-m4m3-v627-wgc2
-
firewall: fix typo that prevented queues to be selectable in pf-based traffic shaping
-
ipsec: validate the use of refid in CA certificates PR: GHSA-33q4-wcv7-r8fr
-
evan (29 May 26)
mvc: strict alphanumeric-only regex for certificate refid CVE: CVE-2026-53582 PR: GHSA-xww7-76m6-mh2r
-
dnsmasq: change widget link from settings to leases page (#10420)
-
MVC:ui - refactor base_dialog and parseFormNode to simplify the template for https://github.com/opnsense/core/issues/9955 [2] bugfix https://github.com/opnsense/core/commit/3d9cccfe4038802807219621ddd49cf668a05144
-
src: style sweep
OPNSense Security
Security Advisories (7)
- critical Patched CVSS 9
CVE-2026-53581 ntp: write path traversal
- critical Patched CVSS 9.1
CVE-2026-44194 RCE on user managment
- critical Patched
CVE-2026-45158 Command Injection via Attacker-Controlled DHCP Config
- critical Patched CVSS 9.1
CVE-2026-44193 RCE via XMLRPC endpoint using `opnsense.restore_config_section` method
- medium Patched CVSS 5.3
CVE-2026-44195 Authentication lockout bypass
- high Patched CVSS 8.2
CVE-2026-34578 LDAP Injection via Unsanitized Username in Authentication
- medium Patched CVSS 6.3
CVE-2026-30868 Cross-Site Request Forgery (CSRF) in opnsense/core
OPNSense Website
Website
OPNsense® is an open source, feature rich firewall and routing platform, offering cutting-edge network protection. - OPNsense
We’ve made digital security accessible to everyone. With our free OPNsense® platform, you get all the features of expensive commercial firewalls and more. Enjoy open and verifiable sources in a product developed with and for a large user community.
Redirects
Does not redirect
Security Checks
All 65 security checks passed
Server Details
- IP Address 89.149.225.137
- Location Amsterdam, Noord-Holland, Netherlands (Kingdom of the), EU
- ISP Leaseweb Netherlands B.V.
- ASN AS60781
Associated Countries
-
US -
NL
Safety Score
Website marked as safe
100%
Blacklist Check
opnsense.org was found on 0 blacklists
- AntiSocial Blacklist
- Artists Against 419
- Badbitcoin
- Bambenek Consulting
- CERT Polska
- CoinBlockerLists
- CRDF
- CryptoScamDB
- EtherAddressLookup
- EtherScamDB
- Fake Website Buster
- MetaMask EthPhishing
- NABP Not Recommended Sites
- OpenPhish
- PetScams
- PhishFeed
- PhishFort
- Phishing.Database
- PhishStats
- PhishTank
- Phishunt
- RPiList Not Serious
- Scam.Directory
- SecureReload Phishing List
- Spam404
- StopGunScams
- Suspicious Hosting IP
- ThreatFox
- ThreatLog
- TweetFeed
- URLhaus
- ViriBack C2 Tracker
Website Preview
OPNSense Reviews
More Firewalls
-
AFWall+
(Android - Rooted)
xdaforums.com/t/5-0-root-3-6-0-afwall-iptables-firewall-28-aug-2023.1957231Android Firewall+ (AFWall+) is an advanced iptables editor (GUI) for rooted Android devices, which provides very fine-grained control over which Android apps are allowed to access the network.
-
Open source GUI firewall for Linux, allowing you to block internet access for certain applications. Supports both simple and advanced mode, GUI and CLI options, very easy to use, lightweight/ low-overhead, under active maintenance and backed by a strong community.
-
IPFire is a hardened, versatile, state-of-the-art Open Source firewall based on Linux. Easy to install on a raspberry Pi, since it is lightweight and heavily customizable.
-
A very polished application firewall, allowing you to easily manage internet connections on a per-app basis. (Mac OS)
Not Open Source -
Firewall app for iPhone, allowing you to block any connection to any domain.
Not Open Source -
Free, open source macOS firewall. It aims to block unknown outgoing connections, unless explicitly approved by the user.
-
Provides simple and advanced ways to block access to the internet. Applications and addresses can individually be allowed or denied access to Wi-Fi and/or mobile connection.
-
Makes internet connections from all apps visible, allowing you to block or manage traffic on a per-app basis. GNU/Linux port of the Little Snitch application firewall.
-
An open-source ad-blocker and firewall app for Android 6+ (does not require root).
-
An open source firewall tool for Linux that builds upon the Netfilter system built into the Linux kernel, making it easier to manage more complex configuration schemes with iptables.
-
Tool to control Windows Filtering Platform (WFP), in order to configure detailed network activity on your PC. (Windows)
-
The ufw (Uncomplicated Firewall) is a GUI application and CLI, that allows you to configure a firewall using
iptablesmuch more easily.
About the Data: OPNSense
Change History
API
You can access OPNSense's data programmatically via our API. Simply make a GET request to:
https://api.awesome-privacy.xyz/v1/services/opnsenseThe REST API is free, no-auth and CORS-enabled. To learn more, view the API Docs or read the API Usage Guide.
Share OPNSense
Help your friends compare Firewalls, and pick
privacy-respecting software and services.
Share OPNSense and Awesome Privacy with your network!