Skip to content
July 7, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Watchtower
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button
  • Home
  • Linux
  • OPNsense 18.7 released, FreeBSD based firewall and routing platform
  • Linux

OPNsense 18.7 released, FreeBSD based firewall and routing platform

Do Son August 1, 2018 8 minutes read
Add Daily CyberSecurity as a preferred
source on Google

OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.

OPNsense started as a fork of pfSense® and m0n0wall in 2014, with its first official release in January 2015. The project has evolved very quickly while still retaining  familiar aspects of both m0n0wall and pfSense. A strong focus on security and code quality drives the development of the project.

OPNsense offers weekly security updates with small increments to react on new emerging threats within in a fashionable time.  A fixed release cycle of 2 major releases each year offers businesses the opportunity to plan upgrades ahead. For each major release a roadmap is put in place to guide development and set out clear goals.

Feature

  • Dashboard
    OPNsense offers a dashboard feature to quickly check the status of your OPNsense Firewall.Shown is the latest version with drag and drop multi collumn support.
  • Modern User Interface
    The modern user interface offers a great user experience with multi language support, build-in help and quick naviagtion with the searchbox.
    Shown is the fast search navigation option.
  • Stateful Firewall
    A stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. OPNsense offers grouping of Firewall Rules by Category, a great feature for more demanding network setups.
  • Aliases & GeoLite Country Database
    Managing firewall rules have never been this easy. By using Aliases you can group mulitple IP’s or Host into one list, to be used in firewall rules. Additionally IP or Hostnames can be fetched from external URLs, examples are DROP (Do Not Route Or Peer), Abuse.ch’s Ransomware tracker and the build-in Maxmind GeoLite2 Country database.
  • Traffic Shaper
    Traffic shaping within OPNsense is very flexible and is organised around pipes, queues and corresponding rules. The pipes define the allowed bandwidth, the queues can be used to set a weight within the pipe and finally the rules are used to apply the shaping to a certain package flow. The shaping rules are handled independently from the firewall rules and other settings.
  • Two-factor authentication
    Two-factor authentication also known as 2FA or 2-Step Verification is an authentication method that requires two components, such as a pin/password + a token. OPNsense offers full support for Two-factor authentication ( 2FA ) throughout the entire system utilizing Google Authenticator.
    Supported 2FA services include:

    • OPNsense Graphical User Interface
    • Captive Portal
    • Virtual Private Networking – OpenVPN & IPsec
    • Caching Proxy
    • OPNsense Captive Portal
  • Captive Portal
    Captive Portal allows you to force authentication, or redirection to a click through page for network access. This is commonly used on hot spot networks, but is also widely used in corporate networks for an additional layer of security on wireless or Internet access.OPNsense offer most enterprise features including Radius and voucher support.
  • Virtual Private Network – IPsec & OpenVPN GUI
    OPNsense offers a wide range of VPN technologies ranging from modern SSL VPN’s to well known IPsec as well as older (now considered insecure) legacy options such as L2TP and PPTP. Site-to-Site and road warrior setups are possible and with the integrated OpenVPN client exporter, the client can be configured within minutes. Looking for a IPsec or OpenVPN GUI, you just found something better!
  • High Availability / Hardware Failover (CARP)
    OPNsense utilises the Common Address Redundancy Protocol or CARP for hardware failover. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active. Utilising this powerful feature of OPNsense creates a fully redundant firewall with automatic and seamless fail-over. While switching to the backup network connections will stay active with minimal interruption for the users.
  • Caching Proxy
    The caching proxy offered by OPNsense is fully featured and includes category based webfiltering, extensive Access Control Lists and can run in transparent mode. The proxy can be combined with the traffic shaper to enhance user experience. Integration with most professional Anti-Virus solutions is possble trough the ICAP interface.
  • Intrusion Detection & Prevention
    The inline IPS system of OPNsense is based on Suricata and utilises Netmap to enhance performance and minimize cpu utilisation. This deep packet inspection system is very powerful and can be used to mitigate security threats at wire speed.
  • Integrated support for ET Open rules.
    The ETOpen Ruleset is an excellent anti-malware IDS/IPS ruleset that enables users with cost constraints to significantly enhance their existing network-based malware detection.
  • Integrated SSL Blacklist (SSLBL)
    A project maintained by abuse.ch. The goal is to provide a list of “bad” SSL certificates identified by abuse.ch to be associated with malware or botnet activities. SSLBL relies on SHA1 fingerprints of malicious SSL certificates and offers various blacklists.
  • Intergrated Feodo Tracker
    Feodo (also known as Cridex or Bugat) is a Trojan used to commit ebanking fraud and steal sensitive information from the victims computer, such as credit card details or credentials. At the moment, Feodo Tracker is tracking four versions of Feodo.
  • SSL Finger Printing
    The IPS option to allow user defined rules include the option for SSL fingerprinting. With this option SSL communication can be blocked at the inital connection attempt by dropping the SSL key exchange.
  • Backup & Restore
    Better safe than sorry, always keep an up to date backup of your configuration. It’s easy with OPNsense.

    • History
      Automatic backups of configuration changes make it possible to review history and restore previous settings.
    • Backup
      Easily download a backup from within the GUI and store on a safe place.
      Encrypt the backup with a strong password and make plain text unreadable for unauthorised persons.
    • Restore
      Upload your configuration backup file and restore it with ease.
    • Cloud Backup
      OPNsense supports encrypted cloud backup of your configuration with the option to keep backups of older files (history). For this purpose Google drive support has been integrated into the user interface.
  • Reporting & Monitoring
    OPNsense offers many options for reporting and monitoring the system, these include:

    • System Health
      A modern take on RRD graphs with the option to zoom in and export data.
    • Netflow Exporter
      Use your favorite netflow analyser to see most active users, interfaces, ports & applications.
    • Insight – Intergrated Netflow Analyser
      OPNsense also offers an integrated Netflow analyser without the need for additional plugins or tools, similar to what you may find in high-end commercial products.
  • Firmware & Plugins
    Offering a robust firmware upgrade path to react on emerging threats in a fashionable time; OPNsense is equipped with a reliable and secure update mechanism to provide weekly security updates. A plugin mechanism can be used to install additional packages and customisations.
  • Free Up-to-Date Online Manual
    Our online documentation is completely searchable, up-to-date and offered for free. Features are explained in detail and examples are provided in the form of how-to’s , making configuring OPNsense as simple as possible. And if you are a developer than you’ll find all about our framework, coding guidelines and hello-world pugin well organised in the Developers section. See docs.opnsense.org.

Changelog OPNsense® 18.7

  • o improved WAN DHCPv6 and SLAAC connectivity and tracking
    o functional IPv6 Rapid Deployment (6RD) support
    o improved default route handling and gateway switching
    o OpenVPN default setup improvements for IPv6 and RADIUS attribute support
    o Dpinger gateway monitoring integration
    o password policies for local authentication and coupled TOTP
    o Monit core integration to eventually replace the legacy notifications
    o OpenSSH access via group and shell selection instead of privilege
    o pluggable backup framework with new Nextcloud option
    o sytem tunables are now also used as loader tunables
    o unrestricted VLAN usage for e.g. Xen
    o QinQ interface removal
    o firmware GUI speedup, improved error parsing and console reboot hint
    o ZFS on root boot support (installer support is pending, but opnsense-bootstrap works)
    o ZFS and MSDOS config import support
    o ISC DHCP version moves from 4.3 to 4.4
    o RRDtool version moves from 1.2 to 1.7
    o rework rc.syshook facility to use drop-in directories instead of suffixes
    o backports of FreeBSD 11.2 Intel NIC drivers
    o stand-alone frontend UI development tools
    o language updates for Czech, French, German, Portuguese (Brazil)
    o UI header security and SSL cipher hardening
    o extensive UI cleanups and menu consolidation
    o new and rewritten plugins: os-cache, os-lcdproc-sdeclcd, os-net-snmp,
    os-nut, os-openconnect, os-relayd 2.0, os-shadowsocks, os-theme-cicada,
    os-theme-rebellion, os-theme-tukan, os-wol 2.0
  • More…

Download

Get Zero-Hour Vulnerability Alerts

Critical CVEs, CVSS scores, and PoC updates — straight to your inbox every week.


We respect your inbox. Unsubscribe anytime.

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Share this article:

Facebook Post LinkedIn Telegram
Written by
@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

Tags: OPNsense

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-20896CVSS 9.8
    Gitea Docker image: `REVERSE_PROXY_TRUSTED_PROXIES = *` default lets any source IP impersonate any user via `X-WEBAUTH-USER`
    Admin intel📅 Updated: Jul 6, 2026
  • CVE-2026-48282CVSS 10.0
    ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted...
    Admin intel📅 Updated: Jul 3, 2026
  • CVE-2024-14037CVSS 9.8
    Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution...
    Admin intel📅 Updated: Jul 3, 2026
  • CVE-2026-8451CVSS 8.8
    Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured...
    Admin intel📅 Updated: Jul 2, 2026
  • CVE-2026-8037CVSS 9.6
    OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to...
    Admin intel📅 Updated: Jul 1, 2026
  • CVE-2026-45659CVSS 8.8
    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
    CISA KEV📅 Added to KEV: Jul 1, 2026
  • CVE-2026-48558CVSS 10.0
    SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication...
    Admin intelCISA KEV📅 Added to KEV: Jun 29, 2026📅 Updated: Jun 29, 2026
  • CVE-2026-46817CVSS 9.8
    Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected...
    Admin intel📅 Updated: Jun 29, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-55500CVSS 9.9
    ## Summary The `/api/settings/database` endpoint allows full database export (containing all credentials,...
  • CVE-2026-54496CVSS 9.3
    ### Summary A soundness vulnerability in the variable-base scalar multiplication gadget of...
  • CVE-2026-55615
    Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no...
  • CVE-2026-57572CVSS 10.0
    Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0,...
  • CVE-2026-57571CVSS 9.6
    Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0,...
  • CVE-2026-34038CVSS 9.9
    Coolify is an open-source and self-hostable tool for managing servers, applications, and...
  • CVE-2026-54769CVSS 10.0
    ### Advisory Details **Title**: Sandbox Escape to Remote Code Execution via Incomplete...
  • CVE-2026-54760
    # SQLChatAgent `_validate_query` dangerous-pattern regex is bypassable via quoted/commented/qualified function names ##...
  • CVE-2026-53486CVSS 9.1
    ### Impact When extracting an archive to a directory, a crafted archive...
  • CVE-2026-9181CVSS 9.8
    ArcGIS Server contains a directory traversal vulnerability. An unauthenticated attacker could exploit...
Powered by CVE WATCHTOWER

Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • Disclaimer
    • Privacy Policy
    • DMCA NOTICE
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.