OPNsense 26.1: Major Updates for Open-Source Firewall

Summary
– OPNsense 26.1 introduces updates to firewall management, including a redesigned rules interface and a faster live log for real-time traffic insight.
– The release expands API coverage for Source and Destination NAT, supporting deeper integration with external automation systems and orchestration workflows.
– A new optional Q-Feeds plugin provides curated threat intelligence to update indicators of compromise and block malicious IPs and domains.
– The update adds a built-in Host Discovery service that automatically identifies connected devices on the network for improved asset visibility.
– Core system enhancements include a restructured IDPS, DNS/DHCP service improvements, and a migration of network services to an MVC/API architecture.

The latest release of the open-source OPNsense firewall, version 26.1, delivers substantial improvements across network management, threat intelligence, and core system services. This update, known as Witty Woodpecker, focuses on enhancing administrative control, traffic visibility, and automation capabilities for security professionals.
Significant changes have been made to firewall management and the available programming interfaces. The live firewall log has been refined to give administrators quicker insights into real-time traffic decisions. A redesigned Firewall Rules interface alters how rules are created and reviewed for better usability. Furthermore, API coverage now includes Source NAT tagging and Destination NAT for port forwarding. This expansion allows for deeper integration with external automation systems and orchestration tools, making OPNsense more manageable programmatically in varied deployment scenarios. The accompanying documentation frames these additions as part of a larger move toward an API-driven configuration model.
For threat intelligence and asset visibility, the platform introduces new options. Administrators can now integrate optional Q-Feeds through a plugin. This service provides curated threat intelligence that can be applied directly within the firewall to update indicators of compromise and block malicious IP addresses and domains, helping to enforce policies with real-world threat data. Additionally, a new built-in Host Discovery service automatically identifies connected devices on the network. This feature offers administrators an overview of hosts without requiring manual configuration, all accessible from a unified interface.
The release also includes a series of important updates to networking services and core system components. At the top of the list is Intrusion Detection and Prevention, which has transitioned to a declarative conf.d structure, and a new inline inspection mode has been added for more robust traffic analysis. This comprehensive update reinforces OPNsense’s position as a versatile and powerful tool for securing network environments.
(Source: HelpNet Security)