Console Commands

System Management

# Access system menu
8

# Change root password
3

# Access shell
8
option 8

# System updates
12

# View system logs
2

# Reboot system
5

# Power off system
6

Network Configuration

# Configure interfaces
1

# Reset network config
4

# Configure VLANs
vlctl create vlan_name

# Set interface IP
ifconfig em0 inet 192.168.1.1/24

# Configure DNS
echo "nameserver 8.8.8.8" >> /etc/resolv.conf

# Reset web GUI password
configctl password reset admin

Firewall Rules

Basic Rule Management

# List all rules
pfctl -sr

# Show current state
pfctl -si

# Show statistics
pfctl -s info

# Flush all rules
pfctl -F all

# Reload rules
pfctl -f /etc/pf.conf

Advanced Rule Operations

# Block IP address
pfctl -t blocklist -T add 192.168.1.100

# Remove IP from block
pfctl -t blocklist -T delete 192.168.1.100

# View state table
pfctl -s state

# Clear state table
pfctl -F state

# Test configuration
pfctl -n -f /etc/pf.conf

Service Management

Core Services

# Restart specific service
service nginx restart

# Check service status
service openssh status

# Enable service at boot
rc-update add openssh

# Disable service
rc-update del openssh

# List running services
rc-status

Package Operations

# Update package repos
pkg update

# Install package
pkg install package_name

# Remove package
pkg delete package_name

# List installed packages
pkg info

# Search packages
pkg search keyword

Monitoring

System Status

# CPU usage
top

# Memory usage
vmstat

# Disk usage
df -h

# Network statistics
netstat -an

# Process list
ps aux

# Interface status
ifconfig

Network Diagnostics

# Trace route
traceroute hostname

# DNS lookup
nslookup domain

# Port scan
nc -zv host port

# Packet capture
tcpdump -i interface

# ARP table
arp -a

VPN Configuration

OpenVPN

# Generate certificates
openvpn --genkey --secret static.key

# Start OpenVPN server
openvpn --config server.conf

# Check VPN status
openvpn --status

# List connected clients
cat /var/log/openvpn-status.log

IPsec

# Restart IPsec
ipsec restart

# Check tunnel status
ipsec statusall

# List connections
ipsec list

# Verify configuration
ipsec verify

# Show active tunnels
ipsec trafficstatus

Backup & Recovery

Configuration Backup

# Backup config
configctl backup create

# List backups
configctl backup list

# Restore backup
configctl backup restore file

# Export config
cp /conf/config.xml /tmp/backup.xml

System Recovery

# Boot to single user
boot -s

# Recover root password
mount -u /

# Check filesystem
fsck -y /dev/ada0p2

# Reset to factory
rm -rf /conf/*.*

References

  • Based on OPNsense 23.7
  • Official documentation: https://docs.opnsense.org/
  • Community forum: https://forum.opnsense.org/
0 Comments for this cheatsheet. Write yours!