Skip to main content

OPNsense

The CrowdSec OPNsense integration allows you to block malicious IPs in your OPNsense firewall. This guide will walk you through the steps to integrate CrowdSec blocklists with your OPNsense firewall.

Prerequisites

Before you begin, please ensure your OPNsense software version supports ingesting blocklists (URL aliases). If you are unsure, please refer to the OPNsense documentation or contact OPNsense support.

Steps

We will presume you followed the Getting Started guide and have created an account on the CrowdSec Console.

Once you are authenticated, you can proceed to the Blocklist tab located on the top menu bar, from there you can select the Integrations sub menu.

Once the page has loaded, you can click the "Connect" button under the OPNsense logo.

OPNsense Integration CardOPNsense Integration Card

Doing so will prompt you to name this integration, you can name it anything you like, for example "My Integration ". Note the name should be unique per integration that is tied to your account.

OPNsense Integration Creation ScreenOPNsense Integration Creation Screen

Once the integration is generated you will be presented with a credentials screen that will provide you with the necessary information to configure your OPNsense Firewall. This information will ONLY be displayed once, so please ensure you copy it down.

OPNsense Integration Credentials ScreenOPNsense Integration Credentials Screen

OPNsense Configuration

To configure the OPNsense firewall, we will :

  1. Create a URL alias and choose the update frequency.
info

You need to put the username and password provided by the console in the "URL" so it can use basic authentication:

https://<username>:<password>@admin.api.crowdsec.net/v1/integrations/<integration_id>/content
  1. Create a firewall rule to block the malicious IPs from the CrowdSec feed alias.
  2. Check the alias is containing your subscribed blocklists.

Here is a tutorial on how to configure the OPNsense firewall with the CrowdSec Integration:

Format example

The CrowdSec blocklist will be in plain text format, with one IP address per line. Here is an example of how the blocklist will look:

192.168.38.187
192.168.38.186

Contribute to this documentation

Since CrowdSec is a community-driven project, we welcome contributions to this documentation. If you have any instructions or tips that you would like to share with the community, please feel free to open a pull request on our GitHub repository

Next Steps

Now that you have integrated CrowdSec integration with your OPNsense firewall, you can proceed to the Blocklist Catalog to find what blocklists you can subscribe too.

CrowdSec ConsoleCrowdSec Console