The inline IPS system of OPNsense is based on Suricata and utilises Netmap to enhance performance and minimize cpu utilisation. This deep packet inspection system is very powerful and can be used to mitigate security threats at wire speed.



All available rule categories can easily be selected and applied with their defaults or custom setting.


The alerts are searchable within the user interface. Full details about the alert can be displayed.

Emerging Threats ETOpen Ruleset

OPNsense has integrated support for ET Open rules. The ETOpen Ruleset is an excellent anti-malware IDS/IPS ruleset that enables users with cost constraints to significantly enhance their existing network-based malware detection. offer several blacklist for protecting against fraudulent networks. OPNsense has integrated support for SSL Blacklist (SSLBL), a project maintained by The goal is to provide a list of “bad” SSL certificates identified by to be associated with malware or botnet activities. SSLBL relies on SHA1 fingerprints of malicious SSL certificates and offers various blacklists.

Feodo Tracker

Feodo (also known as Cridex or Bugat) is a Trojan used to commit ebanking fraud and steal sensitive information from the victims computer, such as credit card details or credentials. At the moment, Feodo Tracker is tracking four versions of Feodo.

Maxmind GeoLite2 Country

OPNsense has integrated GeoLite2 Country database support. GeoLite2 databases are free IP geolocation databases comparable to, but less accurate than, MaxMind’s GeoIP2 databases. GeoLite2 databases are updated on the first Tuesday of each month.

Finger Printing

OPNsense includes a very polished solution to block protected sites based on their SSL fingerprint.