Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
OPNsense Beginner to Professional

You're reading from   OPNsense Beginner to Professional Protect networks and build next-generation firewalls easily with OPNsense

Arrow left icon
Product type Paperback
Published in Jun 2022
Publisher Packt
ISBN-13 9781801816878
Length 464 pages
Edition 1st Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Julio Cesar Bueno de Camargo Julio Cesar Bueno de Camargo
Author Profile Icon Julio Cesar Bueno de Camargo
Julio Cesar Bueno de Camargo
Arrow right icon
View More author details
Toc

Table of Contents (25) Chapters Close

Preface 1. Section 1: Initial Configuration
2. Chapter 1: An OPNsense Overview FREE CHAPTER 3. Chapter 2: Installing OPNsense 4. Chapter 3: Configuring an OPNsense Network 5. Chapter 4: System Configuration 6. Section 2: Securing the Network
7. Chapter 5: Firewall 8. Chapter 6: Network Address Translation (NAT) 9. Chapter 7: Traffic Shaping 10. Chapter 8: Virtual Private Networking 11. Chapter 9: Multi-WAN – Failover and Load Balancing 12. Chapter 10: Reporting 13. Section 3: Going beyond the Firewall
14. Chapter 11: Deploying DHCP in OPNsense 15. Chapter 12: DNS Services 16. Chapter 13: Web Proxy 17. Chapter 14: Captive Portal 18. Chapter 15: Network Intrusion (Detection and Prevention) Systems 19. Chapter 16: Next-Generation Firewall with Zenarmor 20. Chapter 17: Firewall High Availability 21. Chapter 18: Website Protection with OPNsense 22. Chapter 19: Command-Line Interface 23. Chapter 20: API – Application Programming Interface 24. Other Books You May Enjoy

About the OPNsense project

To introduce you to the OPNsense project, I'll first need to tell a bit of my story and how I fell in love with it.

Project history

To tell the OPNsense story, we need to go back to 2003, when the initial release of m0n0wall was released. The main goal of this project was to have FreeBSD-based firewall software with an easy-to-use web interface (based on PHP) that worked on embedded PCs and old hardware with a good performance but that was just focused on Layer 3 and Layer 4 firewalling. m0n0wall was a good achievement. Still, picky network and security admins were claiming for other features such as web proxying, intrusion detection and prevention systems, and some other features that commercial firewalls were delivering as a default Unified Threat Management Solution (UTM). So, in 2004 a new project began, a m0n0wall fork, with its first public released in 2006. The fork's name? pfSense, and, as the name suggests, it used Packet Filter (PF) as a firewall-based system instead of the ipfilter (another FreeBSD packet filter)of its predecessor. For a long time, pfSense was a unique open source firewall solution, with a big active community and constant improvements. Many network and security administrators that only accepted Linux-based firewalls (yes, I was one of them too!) started to migrate to this FreeBSD-based firewall. These two projects coexisted until 2015, when m0n0wall was discontinued. There were signs of discontent back then; part of the pfSense community was not happy with some things such as changes in licenses and the direction the project was heading in.

Back in 2014, a brave group of developers decided to fork from pfSense and m0n0wall and started the OPNsense project. The first official release was in January 2015, inheriting a lot of code from its predecessors. Still, with a very ambitious plan to change how a lot of things were being done, OPNsense quickly rose as a pfSense alternative and received an important recommendation from the m0n0wall founder, Manuel Kasper, encouraging users from his project to migrate to OPNsense. It was the start of one of the best open source firewall projects.

A new project with a lot of improvements on old code

The following are some of the key features that OPNsense came with:

  • OPNsense came with many new concepts and features that the community could claim credit for, such as a Model View Controller (MVC)-based web interface, a fixed release cycle, and a genuinely open source aspiration. The release cycle is done in two major versions each year, one in January and another in July (the community version) – for example, in 2021, the first version was 21.1 (January 2021), and the second one was 21.7 (July 2021), with a predictable and well-written roadmap. For the business edition, the releases are launched in April and October. The business editions are targeted at businesses and enterprises, containing the improvements delivered to the community version users first.
  • As a Chief Technology Officer (CTO) with dozens of managed OPNsense-based firewalls, it is strategic to use firewall firmware with a predictable roadmap and release life cycle. This way, we can plan things with companies whose business depends on our managed firewalls.

Talking about versions, we need to introduce you to the flavor available:

  • OpenSSL: The default one.

If you don't have any reason to choose LibreSSL, I'll advise you to pick the default one, OpenSSL. We will talk more about versions and installation media in the next chapter.

Talking about improvements, we must speak of the project architecture, starting with the frontend, the Phalcon PHP framework. This framework is used to implement webGUI and its APIs (another considerable improvement compared with its predecessors). It will do the work to render and control all that you can see and do using your web browser to manage your OPNsense.

The OPNsense framework also contains a backend, which is a Python-based service, also known as configd. This backend service will be in charge of controlling services, generating daemons and service config files from Jinja2 templates, and applying these configurations to an operating system.

With this architecture, OPNsense has a significant advantage – a secure way to manage and apply configurations to an operating system without executing root commands directly from the PHP web interface (as pfSense did, for example), reducing the risk of a flaw in webGUI compromising the whole firewall system.

So, now that we know how OPNsense evolved and its benefits, let's take a look at the operating system that serves as the base to this incredible firewall platform – FreeBSD's fork, HardenedBSD. It's essential to understand how the whole system and its components work to become a good OPNsense administrator. Let's go!

You have been reading a chapter from
OPNsense Beginner to Professional
Published in: Jun 2022
Publisher: Packt
ISBN-13: 9781801816878
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image