5 OPNsense plugins I use that everyone should install

OPNsense is a free, open-source software platform that can be used to manage and secure computer networks. Think of it as a powerful, customizable firewall that acts like a gatekeeper for your internet traffic -- deciding what data can enter or leave your network. It's super-useful in ensuring your network stays protected. It's the need of the hour, especially considering how data on the internet is prone to breaches. In fact, I would recommend replacing your ISP's router with an OPNsense firewall since it's much more effective. Once you do that, you can add several plugins to OPNsense that go a step further in protecting you when you're online.

Each plugin enhances OPNsense’s capabilities in unique ways, catering to security and monitoring the flow of traffic. Some of them analyze the type of traffic entering your network, while others block unverified IP addresses, provide real-time insights, detect and prevent intrusions, etc. Let's just say that these plugins ensure that your network becomes an absolute nightmare for attackers trying to gain access.

5 Zenarmor

Next-gen firewall upgrade

Zenarmor is a powerful plugin that upgrades OPNsense into a next-generation firewall (NGFW), offering advanced security features to protect networks from incoming threats. It performs deep packet inspection to analyze traffic -- which enables web filtering and real-time threat blocking. You can use it to restrict specific applications -- for instance -- block social media apps or certain websites that you don't want your kids to access, and even inspect encrypted HTTPS traffic for hidden threats. It has a cloud-based threat intelligence feature that blocks malicious IPs and domains in its database. You can also view dashboards that show network activity, user behavior, and blocked threats.

Essentially, Zenarmor significantly enhances OPNsense’s basic firewall capabilities, offering high-quality protection without the need for dedicated hardware. It’s primarily useful for small businesses or parents who want to control their kids' internet access. If you wish to keep malware at bay (who doesn't want to?), prevent phishing, and reduce the risk of breaches to your network, this is one of the first few plugins to install.

4 CrowdSec

A bouncer for your network

If you're looking for a plugin that can automatically block any malicious IP addresses before they cause any harm, your search ends here. CrowdSec analyzes system logs to detect suspicious behavior, such as brute-force attacks or port scans, and automatically bans offending IPs. As the name suggests, the unique aspect of CrowdSec is its crowdsourced threat intelligence. It shares anonymized attack data with a global community, receiving real-time updates on known malicious IPs.

This collective approach ensures your network is protected from threats targeting other users worldwide. The idea is to reduce the attack surface by stopping threats early. This way, the load on other security tools like intrusion detection systems can be eased. It's also an excellent weapon for thwarting automated bots and DDoS attempts.

3 Ntopng

Real-time insights

The primary function of Ntopng is to provide real-time insights into your network’s activity -- with the goal of optimizing performance and enhancing security. It tracks bandwidth usage, identifies devices or applications consuming more data than usual, and monitors protocols. This offers a clear picture of what’s happening on your network. Ntopng can also detect anomalies such as sudden traffic spikes or connections to blacklisted hosts.

It also monitors TLS certificates and stores historical data for trend analysis. Another aspect of Ntopng I like is that it integrates with tools like Grafana or InfluxDB -- allowing you to create custom dashboards. Use fancy visuals and charts to analyze your network data! Apart from securing your network, Ntopng is also useful for identifying and troubleshooting network-related issues like slow connections, and stopping internet access to devices hogging up bandwidth, like your kid's tablet, for instance.

2 Suricata

Detect and prevent intruders

Suricata is an advanced intrusion detection and prevention system (IDS/IPS) plugin for OPNsense. It's designed to monitor and protect your network from sophisticated threats by analyzing network traffic in real-time to detect suspicious activity. As an IDS, it alerts you about potential threats, and as an IPS, it actively blocks them. It integrates seamlessly with OPNsense’s firewall, providing detailed logs and alerts via a nice UI.

Standard firewalls may miss out on complex attacks such as zero-day exploits or targeted intrusions. This is exactly why you need to add Suricata to OPNsense. While OPNsense has built-in IDS/IPS, Suricata’s ability to inspect encrypted traffic when paired with TLS inspection tools and block threats in real-time is why it has made it to this list.

1 WireGuard

VPN for OPNsense

WireGuard is a lightweight VPN plugin for OPNsense that enables secure, encrypted connections for remote access. Unlike traditional VPNs, WireGuard delivers faster performance while consuming fewer resources. It creates secure tunnels to connect remote devices to your home or office network or link multiple networks together. Think of it as the perfect way to securely access your home servers or even security cameras while away.

Notably, it requires less CPU power than older VPN protocols, making it the ideal candidate to be deployed on a Raspberry Pi or any other SBC. Whether you want to secure your home lab or manage a corporate network as a small business, WireGuard is a reliable and secure solution.

Protect your network like an expert

It's time to track the traffic coming in and going out of your network, and there's no better way to do it than using these plugins on OPNsense. Most of them are free, they help you identify potential red flags, and help you prevent any sort of intrusion into your network. So, pick up an old Raspberry Pi or used PC, and turn it into an OPNsense router!