OPNsense
OPNsense is the edge router — the firewall and gateway at the boundary between the enclave and the open internet. Every packet in or out passes through it.
It is the one piece of the substrate that is also, in a sense, a security service: it is where the enclave’s network perimeter is defined and enforced. It is recorded in the Basement’s inventory (Zone 0), but its job is enclave-wide.
| Role | Where | Version |
|---|---|---|
| Edge router and firewall | enclave perimeter (Z0) | latest stable |