OPNsense CLI is a command-line utility for FreeBSD, Linux, MacOS and Windows that empowers administrators and power users to manage, configure, and monitor OPNsense firewall systems. The CLI provides an alternative method to browser-based GUI to interact with the firewall system.
opnsense [flags] command [parameters]
show [<xpath>]: Displays config.xml or the Xpath segment in itcompare [<staging.xml>] [<config.xml>]: Compares two config filesset <xpath> [value] [(attribute)]: Adds a new branch, value and/or attributeset <xpath> [value] [(attribute)] -d: Deletes branch, value and/or attributediscard [<xpath>]: Discards a value (or all changes) in the 'staging.xml'commit: Moves staging.xml to active 'config.xml'export [<source.xml>] [<target.xml>]: Extracts a patch fileimport [patch.xml]: Reads provided XML patch and injects it into 'staging.xml'backup [<backup.xml>]: Lists available backup configs or displays a specific backuprestore [<backup.xml>]: Restores config.xml from a specific backup.xml. (alias:load)save [<file.xml>]: Creates a new /conf/backup/file.xmldelete <backup.xml>: Deletes a specific backup.xml.delete age [days]: Deletes all backups older than specified daysdelete keep [count]: Keeps specified number of backups and deletes the restdelete trim [count]: Deletes number of the oldest backupssysinfo [<xpath>]: Retrieves system information from the firewallrun <service> <command>: Executes commands on OPNsense.
--target (-t): Sets the target OPNsense in the form ofuser@hostname[:port].--no-color (-n): Disable ANSI color output--force (-f): Removes checks and prompts beforeconfig.xmlorconfigctlare touched.--verbose (-v): Sets verbosity (1=error, 2=warning, 3=info, 4=note, 5=debug).--no-color (-n): Removes ANSI colors from the printout.--xml (-x): Displays results in XML format.--json (-j): Displays results in JSON format.--yaml (-y): Displays results in YAML format.