Skip to main content

OPNsense

The CrowdSec OPNsense integration connects CrowdSec's hosted blocklist endpoint to your OPNsense firewall. In OPNsense, you'll use URL Table (IPs) aliases to create dynamic firewall aliases that automatically update from external URL sources.

Ensure your OPNsense version supports URL Table (IPs) aliases. If unsure, refer to the OPNsense documentation or contact OPNsense support.

Step 1 — Create the integration in the CrowdSec Console

In the Integrations page, click Connect under the OPNsense card.

OPNsense Integration CardOPNsense Integration Card

Name the integration (must be unique to your account), then click Create.

OPNsense Integration Creation ScreenOPNsense Integration Creation Screen

The credentials shown next are displayed only once. Copy them before closing this screen.

OPNsense Integration Credentials ScreenOPNsense Integration Credentials Screen

You now have an HTTPS endpoint and Basic Auth credentials to configure on your OPNsense device.

Step 2 — Configure OPNsense

  1. Create a URL Table (IPs) alias with your desired update frequency. Embed the credentials in the URL using Basic Auth:
https://<username>:<password>@admin.api.crowdsec.net/v1/integrations/<integration_id>/content
  1. Create a firewall rule to block IPs matching the alias.
  2. Verify the alias is populated with your subscribed blocklists.

Here is a walkthrough of the full OPNsense configuration:

Manage integration size limits with pagination

If you want to learn how to manage integration size limits with pagination, please refer to the Managing integrations size limits with pagination section.

Next Steps

Subscribe to blocklists in the Blocklist Catalog to populate your integration.