opnsense-admin
Manage OPNsense firewall, DNS, IDS/IPS, and network configuration via API and SSH. Use when administering OPNsense firewall, configuring Suricata IDS/IPS, managing Unbound DNS, creating firewall rules, backing up configurations, monitoring traffic, or troubleshooting network issues. Supports both API-based automation and SSH command execution for OPNsense 26.1+.
Why use this skill?
Automate OPNsense firewall management, IDS/IPS monitoring, and DNS configuration using the OpenClaw opnsense-admin skill. Secure, efficient, and powerful network control.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/transcendenceia/opnsense-admin
What This Skill Does
The opnsense-admin skill acts as a comprehensive management interface for OPNsense firewalls, leveraging both RESTful API endpoints and SSH tunneling to provide granular control over your network perimeter. It is designed for sysadmins and network engineers to automate repetitive security tasks, perform configuration backups, and manage network services without manually navigating the web interface. By abstracting the complexity of the OPNsense API and system command line, the agent can monitor intrusion detection systems, adjust firewall policies, manage DNS resolution, and verify system health in real-time.
Installation
Installation is handled via the ClawHub CLI. Ensure your target firewall is running OPNsense 26.1 or later. First, run clawhub install openclaw/skills/skills/transcendenceia/opnsense-admin to pull the necessary assets. After installation, generate an API key via System > Access > Users > API. Then store your credentials in a ~/.opnsense/credentials file that is restricted to your user account (chmod 600), so that other local accounts cannot read the API key and use it to escalate privileges.
Use Cases
This skill is perfect for scenarios requiring automated infrastructure response. Use it for scheduled configuration backups to local or remote storage, ensuring compliance and rapid disaster recovery. It is highly effective for security orchestration, such as dynamically blocking IPs detected by Suricata, or for routine maintenance like reloading DHCP configurations, flushing DNS caches, and monitoring service uptime across large-scale deployments.
Example Prompts
- "Check the status of all network services on the firewall and report any that are currently stopped."
- "Update the firewall alias 'trusted-ips' to include 192.168.50.25 and then apply the change."
- "Trigger a full configuration backup and verify that the file was successfully saved to the specified archive directory."
Tips & Limitations
Always exercise caution when executing commands that modify firewall rules; a syntax error or logic mistake can permanently lock you out of the management interface. We recommend testing changes in a staging environment before deploying to production. Note that this skill requires direct network access to the firewall's API or SSH port; ensure your management network is strictly firewalled to prevent external exploitation of the agent's high-privilege access.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-transcendenceia-opnsense-admin": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags(AI)
Flags: network-access, file-write, file-read, external-api, code-execution