AdSchellevis
commented
2 months ago Hi Maarten,
Welcome to OPNsense, when starting plugin development, make sure to take a look at https://docs.opnsense.org/develop.html
When it comes to registering firewall rules dynamically, the firewall hooks are likely of interest (https://docs.opnsense.org/development/backend/legacy.html#firewall).
The wazuh agent plugin could be interesting to look at for inspiration https://github.com/opnsense/plugins/tree/master/security/wazuh-agent
If you open a PR and need some tips, just let us know, but keep in mind our community support time is limited and we do have to choose where to spend it.
Best regards,
Ad
MaartendeKruijf
Important notices Before you add a new report, we ask you kindly to acknowledge the following:
Is your feature request related to a problem? Please describe. Hi, I'm Maarten de Kruijf from TNO working in the Cyber Security Technology department where we work on security automation. My colleague @RabbITCybErSeC and I are working to bring OpenC2 integration to OPNsense as a plugin.
OpenC2, developed by OASIS Open, is an universal way to control and configure firewall rules. The actuator profile used for this is: OpenC2 Actuator Profile for Packet Filtering Version 1.0.
Describe the solution you'd like With this issue we want to signify our intent to implement OpenC2 packet filtering profile consumer for OPNSense. As this is our first contribution to OPNsense we hope this community can guide us to make it a succes! (We are in the early stages of development but wanted to give you guys an early heads up and opportunity to formulate questions and give feedback)
Describe alternatives you've considered We have contemplated to go for a proxy based solution but figured a plugin would be the most clean way to add this functionality.
Additional context To give a bit of background: We eventually want to use this plugin with our open source security orchestrator SOARCA to be able to show the potential of OpenC2 and CACAO.