@ -107,14 +107,16 @@ as described at the support levels section.
:header:"Name", "Description"
"devel/debug", "Add several debugging tools to enable full stack traces on crash reports and extended syntax checks for development activities."
"net/firewall", "This package extends the standard OPNsense firewall system with endpoints for machine to machine management tasks. Gui components are initially only intended to ease testing and to explain current functionality."
"net/frr", "FRRouting (FRR) is an IP routing protocol suite for Linux and Unix platforms which includes protocol daemons for BGP, IS-IS, LDP, OSPF, PIM, and RIP."
"net/relayd", "relayd is a daemon to relay and dynamically redirect incoming connections to a target host. Its purposes is to run as a load-balancer. The daemon is able to monitor groups of hosts for availability, which is determined by checking for a specific service common to a host group. When availability is confirmed, Layer 3 and/or layer 7 forwarding services are set up by relayd."
"security/etpro-telemetry", "Todays cybersecurity engineers need timely and accurate data about eminent threats and how they spread around the globe. With this data cybersecurity researchers and analysts can improve the detection of malicious network traffic. The times when we could rely on just firewall rules for our protection are long gone. Additional layers of security are desperately needed to guard against these attacks."
"security/stunnel", "Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs' code."
"security/tinc", "tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet."
"sysutils/dec-hw", "This package allows fetching the current power status for Deciso appliances with dual power supplies via an API call and includes a simple dashboard widget."
"sysutils/git-backup", "This package adds a backup option using git version control."
"sysutils/vmware", "The Open Virtual Machine Tools (open-vm-tools) are the open source implementation of VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. As virtualization technology rapidly becomes mainstream, each virtualization solution provider implements their own set of tools and utilities to supplement the guest virtual machine. However, most of the implementations are proprietary and are tied to a specific virtualization platform."
"www/OPNProxy", "OPNsense proxy additions to support more fine grained access management"
"www/squid", "Squid is a fully-featured HTTP, HTTPS, FTP, etc. proxy offering rich access control, authorization and logging environment to develop web proxy and content serving applications."
..csv-table:: Tier 3
:header:"Name", "Description"
@ -157,17 +159,15 @@ as described at the support levels section.
"net/siproxd", "Siproxd is a proxy/masquerading daemon for the SIP protocol. It handles registrations of SIP clients on a private IP network and performs rewriting of the SIP message bodies to make SIP connections work via an masquerading firewall (NAT). It allows SIP software clients (like kphone, linphone) or SIP hardware clients (Voice over IP phones which are SIP-compatible, such as those from Cisco, Grandstream or Snom) to work behind an IP masquerading firewall or NAT router."
"net/sslh", "Manage SSLH, the SSL/SHH multiplexer via the OPNsense web UI."
"net/tayga", "TAYGA is an out-of-kernel stateless NAT64 implementation that uses the TUN driver to exchange IPv4 and IPv6 packets with the kernel. It is intended to provide production-quality NAT64 service for networks where dedicated NAT64 hardware would be overkill."
"net/udpbroadcastrelay", "udbproadcastrelay is a UDP multicast relayer. Its intended use is to rebroadbcast udp packets on a specific port across interfaces, be those interfaces physical or VLAN."
"net/upnp", "MiniUPnPd is a lightweight implementation of a UPnP IGD daemon. This is supposed to be run on your gateway machine to allow client systems to redirect ports and punch holes in the firewall."
"net/udpbroadcastrelay", "udpbroadcastrelay is a UDP multicast relayer. Its intended use is to rebroadbcast udp packets on a specific port across interfaces, be those interfaces physical or VLAN."
"net/upnp", "MiniUPnPd is a lightweight implementation of a UPnP IGD & PCP/NAT-PMP daemon. This is supposed to be run on your gateway machine to allow client systems to map ports and punch holes in the firewall."
"net/vnstat", "vnStat is a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s). It uses the network interface statistics provided by the kernel as information source. This means that vnStat won't actually be sniffing any traffic and also ensures light use of system resources."
"net/wireguard", "WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry."
"net/wireguard-go", "WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry."
"net/wol", "wol implements Wake-On-LAN functionality in a small program. It wakes up hardware that is Magic Packet compliant."
"net/zerotier", "ZeroTier can be used for on-premise network virtualization, as a peer to peer VPN for mobile teams, for hybrid or multi-data-center cloud deployments, or just about anywhere else secure software defined virtual networking is useful."
"security/acme-client", "This plugin contains a full ACME protocol implementation based on the acme.sh project. According to the authors, it's probably 'the easiest and smallest and smartest shell script' to automatically issue and renew the free certificates from Let's Encrypt."
"security/clamav", "ClamAV(r) is an open source (GPL) anti-virus engine used in a variety of situations including email scanning, web scanning, and end point security. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates."
"security/crowdsec", "Crowdsec is an open-source, lightweight software, detecting peers with aggressive behaviors to prevent them from accessing your systems. Its user friendly design and assistance offers a low technical barrier of entry and nevertheless a high security gain."
"security/intrusion-detection-content-et-open", "IDS Proofpoint ET open ruleset duplicates rule files which are being delivered empty in ET Pro Telemetry edition so both can be installed."
"security/intrusion-detection-content-et-open", "IDS Proofpoint ET open full ruleset to complement ET Pro Telemetry edition. This plugin will trigger duplicate rules warnings in Suricata logs when selecting the same categories for both ET open and ET Telemetry."
"security/intrusion-detection-content-et-pro", "Proofpoint ET Pro is a timely and accurate rule set for detecting and blocking advanced threats using your existing network security appliances, such as next generation firewalls (NGFW) and network intrusion detection / prevention systems (IDS/IPS)"
"security/intrusion-detection-content-snort-vrt", "The Snort Subscriber Rule Set refer to rules that have been developed, tested and approved by the Talos Security Intelligence and Research Team (Talos). The Snort Subscriber Ruleset released after March 7th, 2005 are governed by the Snort Subscriber Rule Set License Agreement."
"security/maltrail", "Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists, where trail can be anything from domain name, URL, IP address or HTTP User-Agent header value. Also, it uses advanced heuristic mechanisms that can help in discovery of unknown threats."
@ -176,7 +176,6 @@ as described at the support levels section.
"security/tor", "Tor is a connection-based low-latency anonymous communication system which addresses many flaws in the original onion routing design."
"security/wazuh-agent", "Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments."
"sysutils/apcupsd", "Apcupsd, short for APC UPS daemon, can be used for controlling all APC UPS models. It can monitor and log the current power and battery status, perform automatic shutdown, and can run in network mode in order to power down other hosts on a LAN."
"sysutils/api-backup", "Provide the functionality to download the config.xml"
"sysutils/apuled", "LED control for PC Engines APU platform OPNsense plugin Cloudfence 2019 - JCC"
"sysutils/dmidecode", "Dmidecode reports information about your system's hardware as described in your system BIOS according to the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, asset tag as well as a lot of other details of varying level of interest and reliability depending on the manufacturer. This will often include usage status for the CPU sockets, expansion slots (e.g. AGP, PCI, ISA) and memory module slots, and the list of I/O ports (e.g. serial, parallel, USB)."
"sysutils/hw-probe", "Send anonymized hardware diagnostics to https://bsd-hardware.info"
@ -193,5 +192,6 @@ as described at the support levels section.
"vendor/sunnyvalley", "This plugin adds a proprietary repository to install Zenarmor (previously Sensei), a plugin for OPNsense, complementing the firewall with state of the art next generation firewall features."
"www/c-icap", "c-icap is an implementation of an ICAP server. It can be used with HTTP proxies that support the ICAP protocol to implement content adaptation and filtering services."
"www/cache", "Add and enable caching for the web GUI to accelerate requests."
"www/caddy", "Caddy - The Ultimate Server - makes your sites more secure, more reliable, and more scalable than any other solution. By default, Caddy automatically obtains and renews TLS certificates for all your sites. It's the most advanced HTTPS server in the world."
"www/nginx", "NGINX is a high performance edge web server with the lowest memory footprint and the key features to build modern and efficient web infrastructure."
"www/web-proxy-sso", "Allow to use the web proxy with Single Sign-On against an Active Directory instead of using a bundled authentication."
Ad Schellevis
2 months ago