OPNsense, the open-source firewall and network security platform, reached version 26.1, adding a range of updates affecting management, traffic visibility, automation interfaces, and core services.

Changes in firewall management and APIs

Version 26.1, code-named Witty Woodpecker, introduces revisions to the firewall user experience and its automation interfaces. The live firewall log function was updated to provide administrators with faster insight into real-time traffic decisions. A redesigned Firewall Rules interface restructures how rules are created and reviewed. API coverage was extended to include Source NAT tagging and Destination NAT (port forwarding), enabling deeper integration with external automation systems and orchestration workflows.

The expanded API endpoints aim to make OPNsense easier to manage programmatically across diverse deployment environments. Documentation accompanying the release notes highlights these additions as part of a broader shift toward an API-driven configuration model.

Threat intelligence and asset visibility

The platform now includes optional Q-Feeds integration through a plugin. Q-Feeds offers curated threat intelligence that can be applied directly within the firewall to update indicators of compromise (IoCs) and block specified IP addresses and domains. This integration is designed to help administrators apply real-world threat data to firewall enforcement.

OPNsense 26.1 also introduces a new Host Discovery service. The service automatically identifies connected devices on the network, giving administrators an overview of hosts without manual configuration. The feature is built into the platform and accessible from a unified interface.

System and service updates

The 26.1 update includes a series of enhancements to networking services and core system components:

Intrusion Detection and Prevention: The Intrusion Detection and Prevention System (IDPS) moved to a declarative conf.d structure. A new inline inspection mode was added.

The Intrusion Detection and Prevention System (IDPS) moved to a declarative conf.d structure. A new inline inspection mode was added. DNS and DHCP services: The Unbound DNS service gained support for multiple blocklist sources in the Community Edition. Improvements were made to prefix delegation handling in the Kea DHCP server.

The Unbound DNS service gained support for multiple blocklist sources in the Community Edition. Improvements were made to prefix delegation handling in the Kea DHCP server. Networking and interfaces: Router Advertisement and interface configuration were migrated to an MVC/API architecture. Default IPv6 handling was updated with dnsmasq.

Router Advertisement and interface configuration were migrated to an MVC/API architecture. Default IPv6 handling was updated with dnsmasq. System refinements: The setup wizard received ongoing adjustments, and changes were made to command execution and configuration cleanup to improve operational safety.

OPNsense 26.1 is available for free download here.

