Firewall and NAT

Requires OPNsense Firmware >= 26.1.1

async OPNsenseClient.get_firewall()

Return firewall filter rules and all supported NAT rule groups.

Returns:

Mapping with top-level rules for firewall

filter rules and nat groups for destination NAT, one-to-one NAT, source NAT, and NPT rules. Rule groups are keyed by rule UUID.

Return type:

dict[str, Any]

async OPNsenseClient.toggle_firewall_rule(uuid, toggle_on_off=None)

Toggle Firewall Rule on and off.

Parameters:

  • uuid (str) – UUID of the firewall filter rule to toggle.

  • toggle_on_off (str | None, optional) – Target state. Use on to enable, off to disable, or None to let OPNsense toggle the current state.

Returns:

True when the toggle operation completes successfully; otherwise, False.

Return type:

bool

async OPNsenseClient.toggle_nat_rule(nat_rule_type, uuid, toggle_on_off=None)

Toggle NAT Rule on and off.

Parameters:

  • nat_rule_type (str) – NAT rule category path segment, such as d_nat, source_nat, one_to_one, or npt.

  • uuid (str) – UUID of the NAT rule to toggle.

  • toggle_on_off (str | None, optional) – Target state. Use on to enable, off to disable, or None to let OPNsense toggle the current state.

Returns:

True when the toggle operation completes successfully; otherwise, False.

Return type:

bool

async OPNsenseClient.kill_states(ip_addr)

Kill the active states of the IP address.

Parameters:

ip_addr (str) – IP address whose states should be terminated.

Returns:

Mapping with success and

dropped_states from the firewall state-kill response.

Return type:

MutableMapping[str, Any]

async OPNsenseClient.toggle_alias(alias, toggle_on_off=None)

Toggle alias on and off.

Parameters:

  • alias (str) – Alias name to toggle in firewall configuration.

  • toggle_on_off (str | None, optional) – Target state. Use on to enable, off to disable, or None to let OPNsense toggle the current state.

Returns:

True when the toggle operation completes successfully; otherwise, False.

Return type:

bool