Go to file
Brendan Bank b258cab9bd
dns:bind: do not add the update-policy if the zone type is secondary (#3873)
2024-03-27 09:05:33 +01:00
.github/ISSUE_TEMPLATE remove OpenSSL flavor from bug template (https://github.com/opnsense/src/pull/189) 2023-11-11 15:43:57 +01:00
Keywords Framework: add keyword support for sample/shadow like in core 2023-12-07 11:02:55 +01:00
Mk plugins: remove obsolete, switch to 24.1 branch, sync 2024-01-31 08:03:13 +01:00
Scripts Scripts: make "revision" target work on macOS 2022-11-02 09:32:28 +01:00
Templates plugins: remove PLUGIN_FLAVOUR handling and related LibreSSL bits 2023-02-07 09:34:11 +01:00
benchmarks/iperf benchmarks/iperf: add rubygem-rexml dependency (#3544) 2023-08-15 09:26:01 +02:00
databases/redis core changes - refactor intf_item.type usage as referred to in https://github.com/opnsense/core/issues/6181 2022-12-21 13:31:25 +01:00
devel plugins: annotate support tier levels in plugins 2023-01-18 14:57:32 +01:00
dns dns:bind: do not add the update-policy if the zone type is secondary (#3873) 2024-03-27 09:05:33 +01:00
emulators/qemu-guest-agent emulators/qemu-guest-agent: switch to newest qemu ga, fixes #3283 (#3301) 2023-02-07 12:58:37 +01:00
ftp/tftp ftp/tftp: release 1.0 and sync 2021-07-19 09:02:10 +02:00
mail mail/postfix: move to newer postfix version 2023-11-09 07:33:19 +01:00
misc ACME Command Button fix (#3843) 2024-02-27 13:48:20 +01:00
net net/relayd - move validation responsibility to the model, for https://github.com/opnsense/plugins/issues/3850 2024-03-20 11:40:37 +01:00
net-mgmt net-mgmt/zabbix-proxy: remove zabbix4 variant due to EoL 2024-02-16 08:30:02 +01:00
security security/wazuh-agent: update changelog 2024-03-14 08:59:35 +01:00
sysutils plugins: remove obsolete, switch to 24.1 branch, sync 2024-01-31 08:03:13 +01:00
vendor/sunnyvalley vendor/sunnyvalley: bump again, small issue with previous 2024-01-18 13:24:23 +01:00
www plugins: style sweep 2024-03-14 08:49:45 +01:00
.gitignore net/haproxy: change server state and weight on-the-fly (#2213) 2021-02-03 14:22:51 +01:00
CONTRIBUTING.md CONTRIBUTING: add notes 2017-09-21 09:34:56 +02:00
LICENSE LICENSE/README: sync 2024-03-08 12:56:06 +01:00
Makefile Framework: allow phony `plist-fix' target for core compat 2024-01-04 08:20:23 +01:00
README.md LICENSE/README: sync 2024-03-08 12:56:06 +01:00
ruleset.xml plugins: change to PSR12 standard 2019-10-07 16:23:08 +02:00

README.md

About the OPNsense plugins

The plugins collection offers users and developers a way to quickly build additions for OPNsense that can be optionally installed. As soon as they are upstreamed they will become available to everyone through the firmware GUI pages.

Plugins can do the following:

  • Modify the menu, access control lists and look and feel (themes)
  • Add additional server software and their respective GUI pages
  • Create new authentication methods to be used within other subsystems
  • Provide other types of devices and interfaces to the firewall
  • Pull in additional packages that will update automatically
  • Enhance the backend services with additional work tasks
  • Allow custom start, stop and early scripts
  • Persistent /boot/loader.conf modifications
  • Additional themes for the web GUI

Now we need your help to enrich the plugins. Feel free to contact us at project AT opnsense DOT org or open GitHub issue to get in touch.

Stay safe, Your OPNsense team

A list of currently available plugins

benchmarks/iperf -- Connection speed tester
databases/redis -- Redis DB
devel/debug -- Debugging Tools
devel/grid_example -- A sample framework application
devel/helloworld -- A sample framework application
dns/bind -- BIND domain name service
dns/ddclient -- Dynamic DNS client
dns/dnscrypt-proxy -- Flexible DNS proxy supporting DNSCrypt and DoH
dns/rfc2136 -- RFC-2136 Support
emulators/qemu-guest-agent -- QEMU Guest Agent for OPNsense
ftp/tftp -- TFTP server
mail/postfix -- SMTP mail relay
mail/rspamd -- Protect your network from spam
misc/theme-cicada -- The cicada theme - dark grey onyx
misc/theme-rebellion -- A suitably dark theme
misc/theme-tukan -- The tukan theme - blue/white
misc/theme-vicuna -- The vicuna theme - blue sapphire
net/chrony -- Chrony time synchronisation
net/freeradius -- RADIUS Authentication, Authorization and Accounting Server
net/frr -- The FRRouting Protocol Suite
net/ftp-proxy -- Control ftp-proxy processes
net/google-cloud-sdk -- Google Cloud SDK
net/haproxy -- Reliable, high performance TCP/HTTP load balancer
net/igmp-proxy -- IGMP-Proxy Service
net/mdns-repeater -- Proxy multicast DNS between networks
net/ntopng -- Traffic Analysis and Flow Collection
net/radsecproxy -- RADIUS proxy provides both RADIUS UDP and TCP/TLS (RadSec) transport
net/realtek-re -- Realtek re(4) vendor driver
net/relayd -- Relayd Load Balancer
net/shadowsocks -- Secure socks5 proxy
net/siproxd -- Siproxd is a proxy daemon for the SIP protocol
net/sslh -- sslh configuration front-end
net/tayga -- Tayga NAT64
net/udpbroadcastrelay -- Control ubpbroadcastrelay processes
net/upnp -- Universal Plug and Play (UPnP IGD & PCP/NAT-PMP) Service
net/vnstat -- Network traffic monitor
net/wol -- Wake on LAN Service
net/zerotier -- Virtual Networks That Just Work
net-mgmt/collectd -- Collect system and application performance metrics periodically
net-mgmt/lldpd -- LLDP allows you to know exactly on which port is a server
net-mgmt/net-snmp -- Net-SNMP is a daemon for the SNMP protocol
net-mgmt/netdata -- Real-time performance monitoring
net-mgmt/nrpe -- Execute nagios plugins
net-mgmt/telegraf -- Agent for collecting metrics and data
net-mgmt/zabbix-agent -- Zabbix monitoring agent
net-mgmt/zabbix-proxy -- Zabbix monitoring proxy
security/acme-client -- ACME Client
security/clamav -- Antivirus engine for detecting malicious threats
security/crowdsec -- Lightweight and collaborative security engine
security/etpro-telemetry -- ET Pro Telemetry Edition
security/intrusion-detection-content-et-open -- IDS Proofpoint full ET open ruleset complementary subset for ET Pro Telemetry edition
security/intrusion-detection-content-et-pro -- IDS Proofpoint ET Pro ruleset (needs a valid subscription)
security/intrusion-detection-content-snort-vrt -- IDS Snort VRT ruleset (needs registration or subscription)
security/maltrail -- Malicious traffic detection system
security/openconnect -- OpenConnect Client
security/softether -- Cross-platform Multi-protocol VPN Program (development only)
security/stunnel -- Stunnel TLS proxy
security/tinc -- Tinc VPN
security/tor -- The Onion Router
security/wazuh-agent -- Agent for the open source security platform Wazuh
sysutils/apcupsd -- APCUPSD - APC UPS daemon
sysutils/apuled -- PC Engine APU LED control (development only)
sysutils/dec-hw -- Deciso hardware specific information
sysutils/dmidecode -- Display hardware information on the dashboard
sysutils/git-backup -- Track config changes using git
sysutils/hw-probe -- Collect hardware diagnostics
sysutils/lcdproc-sdeclcd -- LCDProc for SDEC LCD devices
sysutils/mail-backup -- Send configuration file backup by e-mail
sysutils/munin-node -- Munin monitoring agent
sysutils/nextcloud-backup -- Track config changes using NextCloud
sysutils/node_exporter -- Prometheus exporter for machine metrics
sysutils/nut -- Network UPS Tools
sysutils/puppet-agent -- Manage Puppet Agent
sysutils/smart -- SMART tools
sysutils/virtualbox -- VirtualBox guest additions
sysutils/vmware -- VMware tools
sysutils/xen -- Xen guest utilities
vendor/sunnyvalley -- Vendor Repository for Zenarmor (a.k.a Sensei, Next Generation Firewall Extensions)
www/c-icap -- c-icap connects the web proxy with a virus scanner
www/cache -- Webserver cache
www/caddy -- Easy to configure Reverse Proxy based on Caddy with Automatic HTTPS and Dynamic DNS
www/nginx -- Nginx HTTP server and reverse proxy
www/squid -- Squid is a caching proxy for the web
www/web-proxy-sso -- Kerberos authentication module

A brief description of how to use the plugins repository

The workflow of the plugins repository is quite similar to the core repository, although the plugins have one source directory per plugin, while the core can be thought of a lone plugin.

Commits for individual plugins should therefore be split into individual chunks for each src/ directory so that they can be reviewed separately and also be applied remotely.

When an OPNsense release is built, the plugins are automatically added to the final package repository.

The most useful Makefile targets and their purpose is described below.

The make targets for the root directory:

  • clean: remove all changes and unknown files
  • lint: run syntax checks
  • list: print a list of all plugin directories with comments
  • style-fix: apply style fixes
  • style: run style checks
  • sweep: apply whitespace fixes

The make targets for any plugin directory:

  • clean: remove all changes and unknown files
  • collect: gather updates from target directory
  • install: install to target directory
  • lint: run syntax checks
  • package: creates a package
  • upgrade: upgrades existing package
  • remove: remove known files from target directory
  • style-fix: apply style fixes
  • style: run style checks
  • sweep: apply whitespace fixes