NetDefense - CLI-first management platform for OPNsense fleets (open beta)

[Marcos Machado]

Hey everyone,

We've been building NetDefense - a management platform purpose-built for OPNsense - and we're opening it up for beta testing at https://netdefense.io.

What it does: If you manage more than a couple OPNsense boxes (MSP, multi-site, home lab fleet), NetDefense lets you control them all from a single CLI or web dashboard. The agent runs on OPNsense as a plugin and connects outbound to a control plane - no VPNs, no open management ports, no inbound attack surface.

What's working today:

• Policy templating: define firewall rules and aliases, VPN networks, software policies and apply everywhere. Variable substitution and inheritance from org-wide defaults down to per-device overrides.
• Config sync and pull: pull a running configuration from any device into a reusable template, then sync it across your entire fleet. Copy what works on one firewall and apply it everywhere.
• WireGuard mesh: spin up an encrypted mesh across your devices with one command. Auto generation of keys, peer config and firewall rules.
• Encrypted backups: schedule config backups to any S3-compatible storage (AWS, MinIO, Backblaze, etc.).
• Remote access: terminal and WebAdmin access to devices through the platform, pre-authenticated with no extra login required. No port forwarding needed.
• On-demand and scheduled actions: trigger tasks across devices on a schedule or ad hoc.
• AI agent support: full MCP integration so you can connect Claude or other AI agents to audit configs, generate reports, and manage your fleet through natural language.
• CLI + Web dashboard: the CLI is the automation workhorse for quick action and CI/CD workflows. The web dashboard covers day-to-day management and monitoring.

How the agent works: It's an OPNsense plugin. The agent initiates all connections outbound via WebSocket - your firewalls never expose management ports. Tasks are pulled, status is pushed.

Beta details:

• 10 devices, 5 users, 3 VPN networks, 500 snippets
• If you need higher limits, reach out, we're happy to talk and adjust for your use case. We're actively managing a 100-device fleet ourselves.
• Sign up at https://app.netdefense.io
• Docs at https://netdefense.io/docs
• Discussions at https://github.com/netdefense-io/Community/discussions

We're a small engineering team that's been working with firewalls and network security for 20+ years. NetDefense started as an OPNsense toolset for our own consulting services and grew into a full management platform. We're looking for feedback from other real-world users - especially MSPs and anyone managing multiple OPNsense devices.

Happy to answer any questions.