Automating configuration of OPNsense without the API

[jakobsen-lrz]

Hello,

i hope this is the right forum for this question, but i have a bit of a problem. I need a way to configure a Firewall using scripts and automation, but some things (AuthServers, Gateways, dhcpd, router advertisements, and Interface Assignments) cant be configured using the API.

What is the most elegant way to configure these other things using a script? The only way that i found, was using a php script that includes config.inc, and running that through the php interpreter.

Thanks.

[Monviech (Cedrik)]

So far not all components have an API yet but thats the long term goal, some features like Router Advertisements are migrated to MVC as we speak: https://opnsense.org/roadmap/



Maybe here you can find some inspiration how to automate non api components?
https://github.com/O-X-L/ansible-opnsense

[bimbar]

I dream of a direct CLI interface to the configuration like for example juniper or fortinet.

[Monviech (Cedrik)]

Other people dream about full OpenAPI spec. This would go hand in hand with the dream of a unified CLI.

There was somebody a while ago on github who wanted to parse all API endpoints and describe them via OpenAPI spec, and there were some PRs in the docs repo around improving the parsing.

But I dont know if anything happened afterwards.

Im the guy who prefers a GUI, while I was working with juniper devices I had like a folder where I stored many known good configurations so I knew where to look, but all in all a GUI is simpler. Only thing I miss is the commit revert timed feature.

[bimbar]

CLI mainly for quick setup via copy&paste of snippets.