Opnsense-Helper

Api Docs for Opnsense_Helper pip package.

class opnsense_helper.opnsense_helper.Opnsense_Helper(host=None, ssh_auth=None, api_auth=None, conf_path='/conf/config.xml', temp_path='./config.xml', verbose=False, init_config_manager=True)

Bases: object

class Opnsense_Helper

Initialize an Opnsense_Helper instance.

Usage

see example.py

from opnsense_helper.opnsense_helper import Opnsense_Helper
from opnsense_helper.config_manager.config_manager import Vlan, Dhcpd, Interface
helper=Opnsense_Helper(host=host,ssh_auth=auth,temp_path=temp_path, init_config_manager=True)

Parameters

• hoststr

  The hostname or ip address of the opnsense firewall.

• ssh_authdict

  A dictionary containing the ssh authentication data. The dictionary must contain the keys “user” and “passw”.

• api_authdict

  A dictionary containing the api authentication data. The dictionary must contain the keys “api_key”, “api_secret”, “ssl” and “verify”.

• conf_pathstr

  The path to the config.xml on the opnsense firewall.

• temp_pathstr

  The path to the temporary config.xml file.

• verbosebool

  If True, the class will print debug messages.

• init_config_managerbool

  If True, the class will initialize the config_manager.

Attributes

• config_managerConfig_Manager

  An instance of the Config_Manager class.

• commandsCommands

  An instance of the Commands class.

• scriptsScripts

  An instance of the Scripts class.

coonfig_manager

Config_Manager class lets you assign configurations, by passing arrays of the corresponding Instances. Config_Manager will parse those objects to xml and automatically reconfigure your devices.

commands

Commands class lets you call configctl and pluginctl

class opnsense_helper.commands.commands.Commands(base)

Bases: object

class Commands

Usage

from opnsense_helper.opnsense_helper import Onsense_Helper
Onsense_Helper.commands.<attribute>.run(<command>,<argument>,<flags>)

Initialize the Commands class. * its just a wrapper for the pluginctl, configctl and reconfigure classes.

Parameters

baseBase_Class

• The parent object containing the needed ssh connection and the temp path to the config.xml.

Returns

• None

class opnsense_helper.commands.commands.configctl(base)

Bases: Exec_Class

class configctl

• Initialize the configctl class.

• Inherits from the Exec_Class class.

Usage

from opnsense_helper.opnsense_helper import Onsense_Helper
Commands.configctl.run(<command>,<argument>,<flags>)

Parameters

baseBase_Class instance

The parent object containing necessary SSH connection details and configuration settings. If provided, its attributes will be copied to this instance.

Attributes

• commandsdict

  A dictionary of command configurations with keys for configctl options, each containing command details such as the command string, arguments, and flags.

  • auth : Execute configctl auth command

  • captiveportal : Execute configctl captiveportal command

  • configd : Execute configctl configd command

  • cron : Execute configctl cron command

  • dhcpd : Execute configctl dhcpd command

  • dhcpd6 : Execute configctl dhcpd6 command

  • dns : Execute configctl dns command

  • filter : Execute configctl filter command

  • firmware : Execute configctl firmware command

  • health : Execute configctl health command

  • ids : Execute configctl ids command

  • interface : Execute configctl interface command

  • ipfw : Execute configctl ipfw command

  • ipsec : Execute configctl ipsec command

  • kea : Execute configctl kea command

  • monit : Execute configctl monit command

  • netflow : Execute configctl netflow command

  • openssh : Execute configctl openssh command

  • openvpn : Execute configctl openvpn command

  • syslog : Execute configctl syslog command

  • system : Execute configctl system command

  • template : Execute configctl template command

  • unbound : Execute configctl unbound command

  • webgui : Execute configctl webgui command

  • wireguard : Execute configctl wireguard command

  • zfs : Execute configctl zfs command

class opnsense_helper.commands.commands.pluginctl(base)

Bases: Exec_Class

class pluginctl

Initializes the pluginctl class, inheriting from Exec_Class. If a base object is provided, its attributes are copied to the current instance. This initializer also sets up a dictionary of command configurations for various pluginctl operations.

Usage

from opnsense_helper.opnsense_helper import Onsense_Helper
Commands.pluginctl.run(<command>,<argument>,<flags>)

Attributes:

commandsdict

A dictionary where each key is a command name and the value is another dictionary containing:

• argumentstr

  The argument to be passed to the command. This is currently always None.

• flagslist

  A list of flags for the command. Currently, these are empty.

• commandstr

  The path to the script associated with the command.

The commands are as follows:

• ipv4: pluginctl -4, returns primary address of interface

• config: pluginctl -c, executes plugin [_configure] hook

• ifconfig: pluginctl -D, lists available devices

• device_info: pluginctl -d, lists registered devices

• flush: pluginctl -f, flushes config property (raw, e.g. system.firmware.plugins)

• get: pluginctl -g, get config property (raw, e.g. system.firmware.plugins)

• info: pluginctl -I, lists registered device statistics

• if_reg: pluginctl -i, invokes dynamic interface registration

• run: pluginctl -r, runs a command (e.g. myservice restart)

• service_dump: pluginctl -S, dumps service metadata

• service: pluginctl -s, executes service command (e.g. myservice restart)

class opnsense_helper.commands.commands.reconfigure(base)

Bases: Exec_Class

class reconfigure

• Initialize the reconfigure class.

• Inherits from the Exec_Class class.

Usage

from opnsense_helper.opnsense_helper import Onsense_Helper
Commands.reconfigure.run(<command>,<argument>,<flags>)

Parameters

baseBase_Class instance

The parent object containing necessary SSH connection details and configuration settings. If provided, its attributes will be copied to this instance.

Attributes

commandsdict

A dictionary of command configurations with keys for ‘vlans’ and ‘interfaces’, each containing command details such as the command string, arguments, and flags.

• vlans : Execute reconfigure_vlans.php

• interfaces : Execute configctl interface reconfigure

scripts

You can call around 80 opnsense scripts.

class opnsense_helper.scripts.scripts.Scripts(base)

Bases: object

class Scripts

Initialize the Scripts class. * its just a wrapper for all the opnsense scripts classes. see attributes below.

Usage

Onsense_Helper.scripts.<attribute>.run(<command>,<argument>,<flags>)

Parameters

baseBase_Class

• The parent object containing the needed ssh connection and the temp path to the config.xml.

Attributes

• unbound : unbound instance

• system : system instance

• syslog : syslog instance

• suricata : suricata instance

• shell : shell instance

• shaper : shaper instance

• routes : routes instance

• openvpn : openvpn instance

• openssh : openssh instance

• netflow : netflow instance

• ipsec : ipsec instance

• interfaces : interfaces instance

• health : health instance

• firmware : firmware instance

• filter : filter instance

• dns : dns instance

• dhcp : dhcp instance

• auth : auth instance

• Wireguard : Wireguard instance

class opnsense_helper.scripts.scripts.Wireguard(base)

Bases: Exec_Class

class Wireguard

Initializes the Wireguard class, inheriting from Exec_Class.

Usage

Scripts.Wireguard.run(<command>,<argument>,<flags>)

Parameters

baseBase_Class instance

The parent object containing necessary SSH connection details.

Attributes

• commandsdict

  A dictionary of command configurations for Wireguard operations, each containing command details such as the command string and flags.

  scripts:

  • wg_show: executes wg_show.py

  • wg-service-control: executes wg-service-control.php

  • reresolve-dns: executes reresolve-dns.py

  • gen_keypair: executes gen_keypair.py

class opnsense_helper.scripts.scripts.auth(base)

Bases: Exec_Class

class auth

Initializes the auth class, inheriting from Exec_Class.

Usage

Scripts.auth.run(<command>,<argument>,<flags>)

Parameters

baseBase_Class instance

The parent object containing necessary SSH connection details.

Attributes

• commandsdict

  A dictionary of command configurations for auth operations, each containing command details such as the command string and flags.

  scripts:

  • list_group_members: executes list_group_members.php

  • add_user: executes add_user.php

class opnsense_helper.scripts.scripts.dhcp(base)

Bases: Exec_Class

class dhcp

Initializes the dhcp class, inheriting from Exec_Class.

Usage

Scripts.dhcp.run(<command>,<argument>,<flags>)

Parameters

baseBase_Class instance

The parent object containing necessary SSH connection details.

Attributes

• commands : dict

  scripts:

  • unbound_watche: executes unbound_watcher.py*

  • prefixe: executes prefixes.sh*

  • prefixes: executes prefixes.php*

  • get_leases: executes get_leases6.py*

  • get_lease: executes get_leases.py*

  • get_kea_lease: executes get_kea_leases.py*

  • dnsmasq_watche: executes dnsmasq_watcher.py*

  • cleanup_leases6: executes cleanup_leases6.php*

  • cleanup_leases4: executes cleanup_leases4.php*

class opnsense_helper.scripts.scripts.dns(base)

Bases: Exec_Class

class dns

Initializes the dns class, inheriting from Exec_Class.

Usage

Scripts.dns.run(<command>,<argument>,<flags>)

Parameters

baseBase_Class instance

The parent object containing necessary SSH connection details.

Attributes

• commands : dict

  scripts:

  • query_dns: executes query_dns.py

class opnsense_helper.scripts.scripts.filter(base)

Bases: Exec_Class

class filter

Initializes the filter class, inheriting from Exec_Class.

Usage

Scripts.filter.run(<command>,<argument>,<flags>)

Parameters

baseBase_Class instance

The parent object containing necessary SSH connection details and configuration settings.

Attributes

• commandsdict

  A dictionary of command configurations for filter operations

  scripts:

  • update_tables: executes update_tables.py*

  • update_bogons: executes update_bogons.sh*

  • run_unittests: executes run_unittests.py*

  • rule_stats: executes rule_stats.py*

  • rollback_timer.: executes rollback_timer.php*

  • rollback_cancel.: executes rollback_cancel.php*

  • read_log: executes read_log.py*

  • pftop: executes pftop.py*

  • pftablecount: executes pftablecount.py*

  • pfstatistics: executes pfstatistics.py*

  • list_tables: executes list_tables.py*

  • list_table: executes list_table.py*

  • list_states: executes list_states.py*

  • list_rule_ids: executes list_rule_ids.py*

  • list_pfsync: executes list_pfsync.py*

  • list_osfp: executes list_osfp.py*

  • kill_table: executes kill_table.py*

  • kill_states: executes kill_states.py*

  • find_table_references: executes find_table_references.py*

  • download_geoip: executes download_geoip.py*

  • delete_table: executes delete_table.py*

class opnsense_helper.scripts.scripts.firmware(base)

Bases: Exec_Class

clas firmware

Initializes the firmware class, inheriting from Exec_Class.

Usage

Scripts.firmware.run(<command>,<argument>,<flags>)

Parameters

baseBase_Class instance

The parent object containing necessary SSH connection details.

Attributes

• commandsdict

  A dictionary of command configurations for firmware operations, each containing command details such as the command string and flags.

  scripts:

  • upgrade: executes upgrade.sh

  • update: executes update.sh

  • unlock: executes unlock.sh

  • sync.subr: executes sync.subr.sh

  • sync: executes sync.sh

  • security: executes security.sh

  • running: executes running.sh

  • resync: executes resync.sh

  • remove: executes remove.sh

  • reinstall: executes reinstall.sh

  • register.: executes register.php

  • reboot: executes reboot.sh

  • read: executes read.sh

  • query: executes query.sh

  • product.: executes product.php

  • plugin: executes plugin.sh

  • lock: executes lock.sh

  • license: executes license.sh

  • launcher: executes launcher.sh

  • latest.: executes latest.php

  • install: executes install.sh

  • health: executes health.sh

  • connection: executes connection.sh

  • check: executes check.sh

  • changelog: executes changelog.sh

class opnsense_helper.scripts.scripts.health(base)

Bases: Exec_Class

class heatlh

Initializes the health class, inheriting from Exec_Class.

Usage

Scripts.health.run(<command>,<argument>,<flags>)

Parameters

baseBase_Class instance

The parent object containing necessary SSH connection details.

Attributes

• commandsdict

  A dictionary of command configurations for health operations, each containing command details such as the command string and flags.

  scripts:

  • listReports: executes listReports.py

  • flush_rrd: executes flush_rrd.py

  • fetchData: executes fetchData.py

class opnsense_helper.scripts.scripts.interfaces(base)

Bases: Exec_Class

class interfaces

Initializes the interfaces class, inheriting from Exec_Class.

Usage

Scripts.interfaces.run(<command>,<argument>,<flags>)

Parameters

baseBase_Class instance

The parent object containing necessary SSH connection details.

Attributes

• commandsdict

  A dictionary of command configurations for interfaces operations, each containing command details such as the command string and flags.

  scripts:

  • traffic_top: executes traffic_top.py

  • traffic_stats: executes traffic_stats.php

  • traceroute: executes traceroute.py

  • rtsold_resolvconf: executes rtsold_resolvconf.sh

  • reconfigure_vlans: executes reconfigure_vlans.php

  • reconfigure_vips: executes reconfigure_vips.php

  • reconfigure_neighbors: executes reconfigure_neighbors.php

  • reconfigure_laggs: executes reconfigure_laggs.php

  • ppp-uptime: executes ppp-uptime.sh

  • ppp-rename: executes ppp-rename.sh

  • ppp-linkup: executes ppp-linkup.sh

  • ppp-linkdown: executes ppp-linkdown.sh

  • portprobe: executes portprobe.py

  • ping: executes ping.py

  • mpd: executes mpd.script

  • macinfo: executes macinfo.py

  • list_sockstat: executes list_sockstat.py

  • list_ndp: executes list_ndp.py

  • list_macdb: executes list_macdb.py

  • list_arp: executes list_arp.py

  • ifctl: executes ifctl.sh

  • dhclient: executes dhclient-script

  • carp_set_status: executes carp_set_status.php

  • carp_global_status: executes carp_global_status.php

  • capture: executes capture.py

class opnsense_helper.scripts.scripts.ipsec(base)

Bases: Exec_Class

class ipsec

Initializes the ipsec class, inheriting from Exec_Class.

Usage

Scripts.ipsec.run(<command>,<argument>,<flags>)

Parameters: base : Base_Class instance

The parent object containing necessary SSH connection details.

Attributes: - commands : dict

A dictionary of command configurations for ipsec operations, each containing command details such as the command string and flags.

scripts: - lib: executes the ipsec library directory - updown_event: executes updown_event.py - spddelete: executes spddelete.py - saddelete: executes saddelete.py - list_status: executes list_status.py - list_spd: executes list_spd.py - list_sad: executes list_sad.py - list_leases: executes list_leases.py - get_legacy_vti: executes get_legacy_vti.php - disconnect: executes disconnect.py - connect: executes connect.py

class opnsense_helper.scripts.scripts.netflow(base)

Bases: Exec_Class

class netflow

Initialize the netflow class, inheriting from Exec_Class.

Usage

Scripts.netflow.run(<command>,<argument>,<flags>)

Parameters: base : Base_Class instance

The parent object containing necessary SSH connection details.

Attributes: - commands : dict

A dictionary of command configurations for netflow operations, each containing command details such as the command string and flags.

scripts: - lib: executes the netflow library directory - get_top_usage: executes get_top_usage.py script - get_timeseries: executes get_timeseries.py script - flush_all: executes flush_all.sh script - flowd_aggregate_metadata: executes flowd_aggregate_metadata.py script - flowd_aggregate: executes flowd_aggregate.py script - export_details: executes export_details.py script - dump_log: executes dump_log.py script - flowctl_stats: executes flowctl_stats.py script

class opnsense_helper.scripts.scripts.openssh(base)

Bases: Exec_Class

class openssh

Initializes the openssh class, inheriting from Exec_Class.

Usage

Scripts.openssh.run(<command>,<argument>,<flags>)

Parameters

baseBase_Class instance

The parent object containing necessary SSH connection details.

Attributes

• commandsdict

  A dictionary of command configurations for openssh operations, each containing command details such as the command string and flags.

  scripts:

  • ssh_query: executes ssh_query.py

class opnsense_helper.scripts.scripts.openvpn(base)

Bases: Exec_Class

class openvpn

Initializes the openvpn class, inheriting from Exec_Class.

Usage

Scripts.openvpn.run(<command>,<argument>,<flags>)

Parameters

baseBase_Class instance

The parent object containing necessary SSH connection details.

Attributes

• commandsdict

  A dictionary of command configurations for openvpn operations, each containing command details such as the command string and flags.

  scripts:

  • user_pass_verify: executes user_pass_verify.php

  • tls_verify: executes tls_verify.php

  • ovpn_status: executes ovpn_status.py

  • ovpn_service_control: executes ovpn_service_control.php

  • ovpn_event: executes ovpn_event.py

  • kill_session: executes kill_session.py

  • client_disconnect: executes client_disconnect.sh

  • client_connect: executes client_connect.php

class opnsense_helper.scripts.scripts.routes(base)

Bases: Exec_Class

class routes

Initializes the routes class, inheriting from Exec_Class.

Usage

Scripts.routes.run(<command>,<argument>,<flags>)

Parameters

baseBase_Class instance

The parent object containing necessary SSH connection details.

Attributes

• commandsdict

  A dictionary of command configurations for routes operations, each containing command details such as the command string and flags.

  scripts:

  • show_routes: executes show_routes.py

  • gateways: executes gateways.php

  • gateway_watcher: executes gateway_watcher.php

  • gateway_status: executes gateway_status.php

  • del_route: executes del_route.py

class opnsense_helper.scripts.scripts.shaper(base)

Bases: Exec_Class

class Shaper

Initializes the shaper class, inheriting from Exec_Class.

Usage

Scripts.suricata.shaper(<command>,<argument>,<flags>)

Parameters

baseBase_Class instance

The parent object containing necessary SSH connection details.

Attributes

• commandsdict

  A dictionary of command configurations for shaper operations, each containing command details such as the command string and flags.

  scripts:

  • update_tables: executes update_tables

  • lib: executes lib/

  • dummynet_stats: executes dummynet_stats.py*

class opnsense_helper.scripts.scripts.shell(base)

Bases: Exec_Class

class Shell

Initializes the shell class, inheriting from Exec_Class.

Usage

Scripts.shell.run(<command>,<argument>,<flags>)

Parameters

base : Base_Class instance The parent object containing necessary SSH connection details and configuration settings.

Attributes

• commandsdict

  A dictionary of command configurations for shell operations, each containing command details such as the command string and flags.

  scripts:

  • setports: executes setports.php

  • setaddr: executes setaddr.php

  • restore: executes restore.sh

  • reboot: executes reboot.php

  • ping: executes ping.php

  • password: executes password.php

  • halt: executes halt.php

  • firmware: executes firmware.sh

  • defaults: executes defaults.php

  • banner: executes banner.php

class opnsense_helper.scripts.scripts.suricata(base)

Bases: Exec_Class

class suricata

Initializes the suricata class, inheriting from Exec_Class.

Usage

Scripts.suricata.run(<command>,<argument>,<flags>)

Parameters

base : Base_Class instance The parent object containing necessary SSH connection details and configuration settings.

Attributes

• commandsdict

  A dictionary of command configurations for suricata operations

  scripts:

  • setup: executes setup.sh*

  • rule-updater: executes rule-updater.py*

  • queryInstalledRules: executes queryInstalledRules.py*

  • queryAlertLog: executes queryAlertLog.py*

  • metadata: executes metadata/

  • listRuleMetadata: executes listRuleMetadata.py*

  • listInstallableRulesets: executes listInstallableRulesets.py*

  • listAlertLogs: executes listAlertLogs.py*

  • lib: executes lib/

  • installRules: executes installRules.py*

  • dropAlertLog: executes dropAlertLog.py*

  • __init__: executes __init__.py*

class opnsense_helper.scripts.scripts.syslog(base)

Bases: Exec_Class

class syslog

Initializes the syslog class, inheriting from Exec_Class.

Usage

Scripts.syslog.run(<command>,<argument>,<flags>)

Parameters

base : Base_Class instance The parent object containing necessary SSH connection details and configuration settings.

Attributes

• commandsdict

  A dictionary of command configurations for syslog operations, each containing command details such as the command string and flags.

  scripts:

  • queryLog: executes queryLog.py

  • logformats: executes logformats/

  • log_archive: executes log_archive*

  • lockout_handler: executes lockout_handler*

  • list_applications: executes list_applications.php

  • generate_certs: executes generate_certs*

  • clearlog: executes clearlog.php

class opnsense_helper.scripts.scripts.system(base)

Bases: Exec_Class

class system

Initializes the system class, inheriting from Exec_Class.

Usage

Scripts.system.run(<command>,<argument>,<flags>)

Parameters

baseBase_Class instance

The parent object containing necessary SSH connection details.

Attributes

• commandsdict

  A dictionary of command configurations for system operations, each containing command details such as the command string and flags.

  scripts:

  • trigger_config_changed_events: executes trigger_config_changed_events.py

  • temperature: executes temperature.sh

  • sysctl: executes sysctl.py

  • status: executes status.php

  • ssl_ciphers: executes ssl_ciphers.py

  • rrd_pfstate_info: executes rrd_pfstate_info.py

  • rfc5246_cipher_suites: executes rfc5246_cipher_suites.csv

  • remote_backup: executes remote_backup.php

  • nameservers: executes nameservers.php

  • certctl: executes certctl.py

  • activity: executes activity.py

class opnsense_helper.scripts.scripts.unbound(base)

Bases: Exec_Class

class unbound

• Initializes the unbound class, inheriting from Exec_Class.

Usage

Scripts.unbound.run(<command>,<argument>,<flags>)

Parameters

baseBase_Class instance

The parent object containing necessary SSH connection details

Attributes

• commandsdict

  A dictionary of command configurations with keys for configctl options, each containing command details such as the command string, arguments, and flags.

  scripts:

  • wrapper: executes wrapper.py

  • stats: executes stats.py

  • start: executes start.sh

  • restore_db: executes restore_db.py

  • logger: executes logger.py

  • check: executes check.sh*

  • cache: executes cache.sh*

  • blocklists: executes blocklists.py