@fischerdev

A Beginner’s Guide to Firewall and Routing with OPNsense

Short introduction for beginners to OpenSense with a small feature overview.

fabian@fischerdev.com
January 01, 2025
A Beginner’s Guide to Firewall and Routing with OPNsense

In today’s connected world, managing network security and routing efficiently is a top priority for businesses and individuals alike. OPNsense, a powerful open-source firewall and routing platform based on FreeBSD, has become a popular choice for those seeking an affordable yet robust solution. In this article, we’ll explore what OPNsense is, how it handles firewall and routing functionalities, and how you can set it up to secure and optimize your network. 

 

What is OPNsense? 

OPNsense is an open-source firewall and routing platform that offers enterprise-grade features to help you secure your network. It provides a web-based graphical user interface (GUI) that simplifies configuration and management, making it suitable for beginners and experienced administrators alike. OPNsense supports advanced networking features such as intrusion detection/prevention, VPN, traffic shaping, and high availability, in addition to its core firewall and routing capabilities. 

 

Key Features of OPNsense

  • Firewall: Stateful packet inspection, NAT, and advanced filtering options.
  • Routing: Static and dynamic routing with protocols like OSPF and BGP.
  • Intrusion Detection/Prevention: Integration with Suricata for real-time traffic analysis.
  • VPN Support: IPsec, OpenVPN, and WireGuard integration.
  • User-Friendly Interface: Intuitive web GUI for easy management.
  • Expandability: Plugins for additional features such as web proxy, antivirus, and reporting tools.  

Firewall Configuration with OPNsense 

 

The firewall in OPNsense is a powerful tool that allows you to control traffic entering and leaving your network. Here’s how you can set up and manage firewall rules: 

 

1. Accessing the Firewall Interface

  • Log in to the OPNsense web interface.
  • Navigate to Firewall > Rules to manage rules for various interfaces (LAN, WAN, etc.).  

2. Creating Rules

  • Select the interface (e.g., LAN) where you want to apply the rule.
  • Click + Add to create a new rule.
  • Define the source, destination, port, and action (allow or deny).
  • Apply the changes and reload the firewall for the rules to take effect.  

3. Using NAT

  • OPNsense supports Network Address Translation (NAT) for mapping private IPs to public IPs.
  • Go to Firewall > NAT > Port Forward to configure port forwarding rules.
  • Specify the external port, internal IP, and port where the traffic should be redirected.  

Routing with OPNsense 

 

Routing ensures that packets are forwarded correctly between different network segments. OPNsense supports both static and dynamic routing. 

 

1. Static Routing

  • Navigate to System > Routes > Configuration.
  • Add a static route by specifying the destination network and the gateway.
  • Static routes are ideal for small networks or fixed traffic patterns.  

2. Dynamic Routing

  • OPNsense integrates with routing protocols like OSPF, BGP, and RIP through the FRR plugin.
  • To enable dynamic routing:
    • Install the FRR plugin from the System > Plugins section.
    • Configure the desired routing protocol under Services > FRR.
    • Define the network and peer information.  

Advanced Features 

 

1. Traffic Shaping

  • Traffic shaping allows you to prioritize certain types of traffic (e.g., VoIP or video streaming).
  • Configure this under Traffic Shaper by creating pipes, queues, and rules.  

2. VPN Configuration

  • Set up secure remote access using IPsec, OpenVPN, or WireGuard.
  • OPNsense provides wizards to simplify the VPN configuration process.  

3. Monitoring and Logs

  • Use Reporting > Insight to monitor network traffic.
  • Check logs under System > Log Files to troubleshoot issues and review security events.  

Best Practices

  • Regular Updates: Keep OPNsense updated to ensure you have the latest security patches and features.
  • Backup Configurations: Use the System > Configuration > Backups feature to back up your settings.
  • Test Rules: Before applying complex rules, test them in a controlled environment to avoid accidental disruptions.
  • Use Plugins Wisely: Only enable plugins you need to avoid unnecessary resource usage.  

Conclusion 

OPNsense is a versatile platform that combines firewall, routing, and additional network security features in one package. Its user-friendly interface and robust functionality make it an excellent choice for both home and business environments. Whether you are setting up basic firewall rules or managing complex routing configurations, OPNsense provides the tools you need to protect and optimize your network. 

 

By understanding and implementing the features discussed, you can ensure a secure and efficient networking environment. Explore OPNsense’s extensive documentation and community forums to further enhance your setup. Happy networking!