OPNsense is the edge router — the firewall and gateway at the boundary between the enclave and the open internet. Every packet in or out passes through it.

It is the one piece of the substrate that is also, in a sense, a security service: it is where the enclave’s network perimeter is defined and enforced. It is recorded in the Basement’s inventory (Zone 0), but its job is enclave-wide.

RoleWhereVersion
Edge router and firewallenclave perimeter (Z0)latest stable

Has anything touched?

If reading this made you want to argue with it, extend it, or notice what's missing, that's the signal to show up.

:/back-to-top