Python wrapper for the OPNsense REST API
Project description
opnsense-py
A synchronous Python client library and CLI for the OPNsense REST API.
Installation
# Library only
pip install opnsense-py
# Library + CLI (opn / opnsense commands)
pip install opnsense-py[cli]
Requires Python 3.12+.
CLI quick start
# HTTPS with self-signed certificate (most common)
opn --host 192.168.1.1 --no-verify-ssl --api-key KEY --api-secret SECRET system status
# Plain HTTP
opn --host 192.168.1.1 --no-tls --api-key KEY --api-secret SECRET system status
Configuration file
Store connection settings in ~/.config/opnsense-py/config.toml to avoid repeating flags:
[default]
host = "192.168.1.1"
api_key = "your-key"
api_secret = "your-secret"
verify_ssl = "false"
[prod]
host = "firewall.example.com"
api_key = "prod-key"
api_secret = "prod-secret"
Switch profiles with --profile prod or OPNSENSE_PROFILE=prod.
Environment variables
| Variable | Description |
|---|---|
OPNSENSE_HOST |
Hostname or IP |
OPNSENSE_API_KEY |
API key |
OPNSENSE_API_SECRET |
API secret |
OPNSENSE_VERIFY_SSL |
Set to false to skip TLS verification |
OPNSENSE_NO_TLS |
Set to 1 to use plain HTTP |
OPNSENSE_PROFILE |
Config file profile (default: default) |
Output formats
opn -o table firewall alias list # default: human-readable table
opn -o json firewall alias list # JSON (pipe-friendly)
opn -o plain firewall alias list # one value/UUID per line
Available commands
| Command | Description |
|---|---|
auth |
Users, groups, API keys |
captiveportal |
Captive portal zones, sessions, vouchers |
cron |
Cron jobs |
dhcrelay |
DHCP relay |
diagnostics |
ARP, routes, interfaces, firewall states, traffic |
dnsmasq |
Dnsmasq DNS/DHCP host entries and domain overrides |
firewall |
Aliases, rules, NAT (DNAT/SNAT) |
firmware |
Firmware updates and package management |
haproxy |
HAProxy frontends, backends, servers |
hostdiscovery |
Network host scanning |
ids |
Suricata IDS/IPS policies, rules, alerts |
ipsec |
IPsec VPN connections, child SAs, sessions |
kea |
Kea DHCP subnets and reservations |
monit |
Monit service checks, tests, alerts |
ntpd |
NTP daemon status |
openvpn |
OpenVPN instances, overwrites, sessions |
radvd |
Router Advertisement daemon |
routes |
Static routes |
routing |
Gateway definitions |
syslog |
Remote syslog destinations |
system |
System status, services, tunables, backups, reboot |
trafficshaper |
Traffic shaper pipes, queues, rules |
trust |
Certificate authorities, certificates, CRLs |
unbound |
Unbound DNS resolver hosts, forwards, ACLs |
wireguard |
WireGuard VPN servers and peers |
Run any command with --help for full usage.
Library usage
from opnsense_py import OPNsenseClient
with OPNsenseClient(
host="192.168.1.1",
api_key="your-key",
api_secret="your-secret",
verify_ssl=False,
) as client:
# List firewall aliases
aliases = client.firewall.search_aliases()
for alias in aliases.rows:
print(alias.name, alias.type)
# Add a cron job
from opnsense_py.models.cron import CronJob
result = client.cron.add_job(CronJob(
command="firmware",
description="Nightly firmware check",
minutes="0", hours="2",
days="*", months="*", weekdays="*",
))
print(result.uuid)
Architecture
The client is structured in layers:
OPNsenseClient— top-level entry point; manages anhttpx.Clientwith Basic Auth. All API modules are lazy-loaded as@cached_propertyattributes.BaseModule— base class providing generic CRUD helpers (_search,_get_item,_add_item, etc.) and service control helpers.- Module classes (
modules/core/,modules/plugins/) — one per OPNsense subsystem, returning typed Pydantic models. - Pydantic models (
models/) — typed representations of OPNsense entities; all extendOPNsenseModelwithextra="allow"so unrecognised fields are preserved. - Exceptions —
OPNsenseError→OPNsenseHTTPError→OPNsenseAuthError/OPNsenseNotFoundError; plusOPNsenseValidationErrorfor HTTP 200 responses with validation errors.
Development
# Install with dev dependencies
poetry install --extras cli
# Run tests
poetry run pytest
# Lint
poetry run ruff check .
# Type check
poetry run mypy opnsense_py/
# Run a single test
poetry run pytest tests/unit/modules/core/test_cron.py::test_search_jobs
Integration tests require a live OPNsense instance and are skipped by default:
OPNSENSE_HOST=192.168.1.1 OPNSENSE_API_KEY=... OPNSENSE_API_SECRET=... \
poetry run pytest -m integration
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
opnsense_py-0.1.1.tar.gz
(65.0 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file opnsense_py-0.1.1.tar.gz.
File metadata
- Download URL: opnsense_py-0.1.1.tar.gz
- Upload date:
- Size: 65.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9d612739e9f5046468aac7567e0ee4c4ea34f7b92fae56d4423f52ab0481ea2f
|
|
| MD5 |
7156131df2bb2eb03697337d8eb40a75
|
|
| BLAKE2b-256 |
5e0742a5e72146cccabb0440050d5e03fb811340ae0ccde926278c88009a4686
|
Provenance
The following attestation bundles were made for opnsense_py-0.1.1.tar.gz:
Publisher:
workflow.yaml on singularcurio/opnsense-py
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
opnsense_py-0.1.1.tar.gz -
Subject digest:
9d612739e9f5046468aac7567e0ee4c4ea34f7b92fae56d4423f52ab0481ea2f - Sigstore transparency entry: 1189055989
- Sigstore integration time:
-
Permalink:
singularcurio/opnsense-py@e968011d52a3111dc8cb3564f264cab12c7530b1 -
Branch / Tag:
refs/tags/v0.1.1 - Owner: https://github.com/singularcurio
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
workflow.yaml@e968011d52a3111dc8cb3564f264cab12c7530b1 -
Trigger Event:
push
-
Statement type:
File details
Details for the file opnsense_py-0.1.1-py3-none-any.whl.
File metadata
- Download URL: opnsense_py-0.1.1-py3-none-any.whl
- Upload date:
- Size: 90.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e7da0e1fba6ddfa54ab1ff7a013b340618c1e27d80bc384a4b021364b975ce7b
|
|
| MD5 |
53c753655bec0492bda1f295a82b5734
|
|
| BLAKE2b-256 |
0cac7612d96993f8810d48fdf19577fa8a3b06eba259b581b33bfe5b0c28a299
|
Provenance
The following attestation bundles were made for opnsense_py-0.1.1-py3-none-any.whl:
Publisher:
workflow.yaml on singularcurio/opnsense-py
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
opnsense_py-0.1.1-py3-none-any.whl -
Subject digest:
e7da0e1fba6ddfa54ab1ff7a013b340618c1e27d80bc384a4b021364b975ce7b - Sigstore transparency entry: 1189056017
- Sigstore integration time:
-
Permalink:
singularcurio/opnsense-py@e968011d52a3111dc8cb3564f264cab12c7530b1 -
Branch / Tag:
refs/tags/v0.1.1 - Owner: https://github.com/singularcurio
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
workflow.yaml@e968011d52a3111dc8cb3564f264cab12c7530b1 -
Trigger Event:
push
-
Statement type:
