opnsense-api2 0.7.2__py3-none-any.whl

opnsense_api/__init__.py

@@ -0,0 +1,5 @@
+try:
+    from importlib.metadata import version
+    __version__ = version("opnsense-api2")
+except Exception:
+    __version__ = "dev"

opnsense_api/api/acmeclient.py

@@ -0,0 +1,71 @@
+import time
+from opnsense_api.api.acmeclient_accounts_client import AcmeclientAccountsClient
+from opnsense_api.api.acmeclient_certificates_client import AcmeclientCertificatesClient
+from opnsense_api.api.acmeclient_validations_client import AcmeclientValidationsClient
+from opnsense_api.pydantic.Certificate import Certificate
+from opnsense_api.pydantic.SearchRequest import SearchRequest
+
+
+class Acmeclient(AcmeclientCertificatesClient, AcmeclientAccountsClient, AcmeclientValidationsClient):
+
+    def acmecient(self, domain, account_value, renew_interval=15) -> Certificate:
+        certificates = self.acmeclient_certificates_search(SearchRequest.search(domain))
+        for certificate in certificates.rows: # type: Certificate
+            if certificate.name == domain:
+                print("Warning certificate already exists")
+                return certificate
+        accounts = self.acmeclient_accounts_search()
+        account_uuid = None
+        if len(accounts.rows) == 1:
+            account_uuid = accounts.rows[0].uuid
+        for account in accounts.rows:
+            if account.name == account_value or account.uuid == account_value:
+                account_uuid = account.uuid
+        if account_uuid is None:
+            raise Exception("Account not found")
+
+        validations = self.acmeclient_validations_search()
+        validations_uuid = None
+        if len(validations.rows) == 1:
+            validations_uuid = validations.rows[0].uuid
+        if validations_uuid is None:
+            raise Exception("Validation not found")
+
+        item = Certificate(
+            enabled=True,
+            name=domain,
+            account=str(account_uuid),
+            validationMethod=str(validations_uuid),
+            keyLength=Certificate.CertificatesCertificateKeylengthEnum.KEY_4096,
+            ocsp=False,
+            autoRenewal=True,
+            renewInterval=renew_interval,
+            aliasmode=Certificate.CertificatesCertificateAliasmodeEnum.NONE
+        )
+        cert = self.acmeclient_certificates_add(item)
+        self.acmeclient_certificates_sign(cert.uuid)
+        return self.acmeclient_certificates_get(cert.uuid)
+
+    def acmeclient_wait_cert_issued(self, domain, timeout=10, interval_sleep=1) -> Certificate | None:
+        """
+        The certRefId will be set after the certificate is issued. This can take a undefined amount of time.
+        (acme server rate limits for example). Only after the certificate is issued it can be connected to a service
+
+        :param interval_sleep: time to sleep in between attempts
+        :param timeout: time in seconds to wait for the certificate to be issued
+        :param domain:
+        :return: None on timeout else CertificateResponse
+        """
+        start = time.time()
+
+        while time.time() - start < timeout:
+            certificates = self.acmeclient_certificates_search(domain)
+            for cert in certificates.rows:
+                if cert.name == domain:
+                    if cert.certRefId is not None:
+                        return cert
+            time.sleep(interval_sleep)
+        else:
+            print("Error: Unable to assign certificate due to certificate not issued in time")
+            return None
+        return certificate

opnsense_api/api/acmeclient_accounts_client.py

@@ -0,0 +1,15 @@
+from opnsense_api.base_client import BaseClient
+from opnsense_api.pydantic.Account import Account
+from opnsense_api.pydantic.SearchRequest import SearchRequest
+from opnsense_api.pydantic.SearchResult import AccountSearchResult
+
+
+class AcmeclientAccountsClient(BaseClient):
+
+    def acmeclient_accounts_search(self, search: SearchRequest = None) -> AccountSearchResult:
+        s = search
+        if s is not None:
+            s = s.__dict__
+        data = self._post('acmeclient/accounts/search', s)
+        # print(data)
+        return AccountSearchResult.from_basic_dict(data, Account)

opnsense_api/api/acmeclient_certificates_client.py

@@ -0,0 +1,29 @@
+from opnsense_api.base_client import BaseClient
+from opnsense_api.pydantic.Certificate import Certificate
+from opnsense_api.pydantic.Response import Response
+from opnsense_api.pydantic.Result import Result
+from opnsense_api.pydantic.SearchRequest import SearchRequest
+from opnsense_api.pydantic.SearchResult import BaseObjectSearchResult, CertificateSearchResult
+
+
+class AcmeclientCertificatesClient(BaseClient):
+
+    def acmeclient_certificates_get(self, uuid = None) -> Certificate:
+        data = self._get('acmeclient/certificates/get' + self._get_arg_formatter(uuid))
+        # print(data)
+        return Certificate.from_ui_dict(data)
+
+    def acmeclient_certificates_search(self, search: SearchRequest = None) -> CertificateSearchResult:
+        data = self._post('acmeclient/certificates/search', search)
+        # print(data)
+        return CertificateSearchResult.from_basic_dict(data, Certificate)
+
+    def acmeclient_certificates_add(self, item: Certificate):
+        data = self._post('acmeclient/certificates/add', item)
+        # print(data)
+        return Result.from_ui_dict(data)
+
+    def acmeclient_certificates_sign(self, uuid = None):
+        data = self._post('acmeclient/certificates/sign' + self._get_arg_formatter(uuid), '')
+        # print(data)
+        return Response.from_basic_dict(data)

opnsense_api/api/acmeclient_validations_client.py

@@ -0,0 +1,15 @@
+from opnsense_api.base_client import BaseClient
+from opnsense_api.pydantic.SearchRequest import SearchRequest
+from opnsense_api.pydantic.SearchResult import BaseObjectSearchResult, ValidationSearchResult
+from opnsense_api.pydantic.Validation import Validation
+
+
+class AcmeclientValidationsClient(BaseClient):
+
+    def acmeclient_validations_search(self, search: SearchRequest = None) -> ValidationSearchResult:
+        s = search
+        if s is not None:
+            s = s.__dict__
+        data = self._post('acmeclient/validations/search', s)
+        # print(data)
+        return ValidationSearchResult.from_basic_dict(data, Validation)

opnsense_api/api/auth_group_client.py

@@ -0,0 +1,18 @@
+from opnsense_api.base_client import BaseClient
+from opnsense_api.pydantic.Group import Group
+from opnsense_api.pydantic.SearchRequest import SearchRequest
+from opnsense_api.pydantic.SearchResult import GroupSearchResult
+
+
+class AuthGroup(BaseClient):
+
+    def auth_group_search(self, search: SearchRequest = None) -> GroupSearchResult:
+        if search is not None:
+            data = self._post('auth/group/search', search.__dict__)
+        else:
+            data = self._get('auth/group/search')
+        return GroupSearchResult.from_ui_dict(data, Group)
+
+    def auth_group_get(self, uuid: str = None) -> Group:
+        data = self._get('auth/group/get' + self._get_arg_formatter(uuid))
+        return Group.from_ui_dict(data)

opnsense_api/api/auth_user_client.py

@@ -0,0 +1,22 @@
+from opnsense_api.base_client import BaseClient
+from opnsense_api.pydantic.ApiUser import ApiUser
+from opnsense_api.pydantic.SearchRequest import SearchRequest
+from opnsense_api.pydantic.SearchResult import ApiUserSearchResult, UserSearchResult
+from opnsense_api.pydantic.User import User
+
+
+class AuthUser(BaseClient):
+
+    def auth_user_search_api_key(self, search: SearchRequest = None) -> ApiUserSearchResult:
+        if search is not None:
+            data = self._post('auth/user/search_api_key', search.__dict__)
+        else:
+            data = self._get('auth/user/search_api_key')
+        return ApiUserSearchResult.from_ui_dict(data, ApiUser)
+
+    def auth_user_search(self, search: SearchRequest = None) -> UserSearchResult:
+        if search is not None:
+            data = self._post('auth/user/search', search.__dict__)
+        else:
+            data = self._get('auth/user/search')
+        return UserSearchResult.from_ui_dict(data, User)

opnsense_api/api/core_backup_client.py

@@ -0,0 +1,80 @@
+from typing import List, Optional
+
+from opnsense_api.base_client import BaseClient
+
+
+class CoreBackupClient(BaseClient):
+
+    def core_backup_backups(self, host: str = 'this') -> dict:
+        """List available backups for a host."""
+        return self._get(f'core/backup/backups/{host}')
+
+    def core_backup_providers(self) -> dict:
+        """List available backup providers."""
+        return self._get('core/backup/providers')
+
+    def core_backup_download(self, host: str = 'this', backup: str = None) -> str:
+        """Download a backup config as XML string.
+
+        Args:
+            host: Backup provider host (default 'this' for local).
+            backup: Specific backup name/timestamp. If None, downloads current config.
+
+        Returns:
+            XML config content as string.
+        """
+        endpoint = f'core/backup/download/{host}'
+        if backup:
+            endpoint += f'/{backup}'
+        return self._get(endpoint, raw=True)
+
+    def core_backup_download_to_file(self, path: str, host: str = 'this', backup: str = None) -> str:
+        """Download a backup config and save it to a local file.
+
+        Args:
+            path: Local file path to save the config to.
+            host: Backup provider host (default 'this' for local).
+            backup: Specific backup name/timestamp. If None, downloads current config.
+
+        Returns:
+            The file path written to.
+        """
+        content = self.core_backup_download(host=host, backup=backup)
+        with open(path, 'w') as f:
+            f.write(content)
+        return path
+
+    def core_backup_diff(self, host: str, backup1: str, backup2: str) -> str:
+        """Get diff between two backups.
+
+        Args:
+            host: Backup provider host.
+            backup1: First backup identifier.
+            backup2: Second backup identifier.
+
+        Returns:
+            Diff output as string.
+        """
+        return self._get(f'core/backup/diff/{host}/{backup1}/{backup2}', raw=True)
+
+    def core_backup_delete(self, backup: str) -> dict:
+        """Delete a backup.
+
+        Args:
+            backup: Backup identifier to delete.
+
+        Returns:
+            API response dict.
+        """
+        return self._post('core/backup/delete_backup', {'backup': backup})
+
+    def core_backup_revert(self, backup: str) -> dict:
+        """Revert to a specific backup.
+
+        Args:
+            backup: Backup identifier to revert to.
+
+        Returns:
+            API response dict.
+        """
+        return self._post('core/backup/revert_backup', {'backup': backup})

opnsense_api/api/core_firmware_client.py

@@ -0,0 +1,34 @@
+import time
+
+from opnsense_api.base_client import BaseClient
+from opnsense_api.pydantic.FirmwareInfo import FirmwareInfo
+from opnsense_api.pydantic.PluginDetail import PluginDetail
+from opnsense_api.pydantic.Status import Status
+from opnsense_api.pydantic.UpdateStatus import UpdateStatus
+
+
+class CoreFirmwareClient(BaseClient):
+
+    def core_firmware_status(self) -> UpdateStatus:
+        data = self._get('core/firmware/status')
+        return UpdateStatus(**data)
+
+    def core_firmware_info(self) -> FirmwareInfo:
+        data = self._get('core/firmware/info')
+        return FirmwareInfo(**data)
+
+    def core_firmware_install(self, package_name) -> Status:
+        data = self._post('core/firmware/install/'+package_name, '')
+        return Status(**data)
+
+    def core_firmware_detail(self, package_name) -> PluginDetail:
+        data = self._post('core/firmware/details/'+package_name, '')
+        return PluginDetail(**data)
+
+    def package_install_wait(self, package_name):
+        self.core_firmware_install(package_name)
+        info = self.core_firmware_info()
+        installed = info.is_installed(package_name)
+        while not installed:
+            time.sleep(5)
+            installed = info.is_installed(package_name)

opnsense_api/api/firewall_alias_client.py

@@ -0,0 +1,48 @@
+from opnsense_api.base_client import BaseClient
+from opnsense_api.pydantic.Alias import Alias
+from opnsense_api.pydantic.Result import Result
+from opnsense_api.pydantic.SearchResult import AliasSearchResult
+
+
+class FirewallAliasClient(BaseClient):
+
+    def firewall_alias_add_item(self, alias: Alias) -> Result:
+        data = self._post('firewall/alias/add_item', alias)
+        return Result(**data)
+
+    def firewall_alias_set_item(self, uuid: str, alias: Alias) -> Result:
+        data = self._post(f'firewall/alias/set_item/{uuid}', alias)
+        return Result(**data)
+
+    def firewall_alias_del_item(self, uuid: str) -> Result:
+        data = self._post(f'firewall/alias/del_item/{uuid}', '')
+        return Result(**data)
+
+    def firewall_alias_toggle_item(self, uuid: str, enabled: bool = None) -> Result:
+        endpoint = f'firewall/alias/toggle_item/{uuid}'
+        if enabled is not None:
+            endpoint += f'/{1 if enabled else 0}'
+        data = self._post(endpoint, '')
+        return Result(**data)
+
+    def firewall_alias_reconfigure(self) -> Result:
+        data = self._post('firewall/alias/reconfigure', '')
+        return Result(**data)
+
+    def firewall_alias_search_item(self) -> AliasSearchResult:
+        data = self._get('firewall/alias/search_item')
+        return AliasSearchResult.from_ui_dict(data, Alias)
+
+    def firewall_alias_get_item(self, uuid=None) -> Alias:
+        data = self._get('firewall/alias/get_item' + self._get_arg_formatter(uuid))
+        # print(data)
+        return Alias.from_ui_dict(data)
+
+    def firewall_alias_get(self) -> Alias:
+        """
+        @todo
+        {"alias":{"geoip":{"url":""},"aliases":{"alias":{"3d6a0b47-4d09-41fb-a38a-bd0bf321dbb4":{"enabled":"1","name":"test","type":{"host":{"value":"Host(s)","selected":1},"network":{"value":"Network(s)","selected":0},"port":{"value":"Port(s)","selected":0},"url":{"value":"URL (IPs)","selected":0},"urltable":{"value":"URL Table (IPs)","selected":0},"urljson":{"value":"URL Table in JSON format (IPs)","selected":0},"geoip":{"value":"GeoIP","selected":0},"networkgroup":{"value":"Network group","selected":0},"mac":{"value":"MAC address","selected":0},"asn":{"value":"BGP ASN","selected":0},"dynipv6host":{"value":"Dynamic IPv6 Host","selected":0},"authgroup":{"value":"OpenVPN group","selected":0},"internal":{"value":"Internal (automatic)","selected":0},"external":{"value":"External (advanced)","selected":0}},"path_expression":"","proto":{"IPv4":{"value":"IPv4","selected":0},"IPv6":{"value":"IPv6","selected":0}},"interface":{"":{"value":"None","selected":1},"lan":{"value":"LAN","selected":0},"wan":{"value":"WAN","selected":0}},"counters":"0","updatefreq":"","content":{"127.0.0.1":{"value":"127.0.0.1","selected":1}},"password":"","username":"","authtype":{"":{"value":"None","selected":1},"Basic":{"value":"Basic","selected":0},"Bearer":{"value":"Bearer","selected":0},"Header":{"value":"Header","selected":0}},"expire":"","categories":{"b7e1b92a-764f-4024-a9c4-4caa2f0a5c4f":{"value":"Hosts","selected":0},"1fc36d4a-aa9e-4167-b1c9-3fe52b3d921b":{"value":"Routers","selected":0},"953f55fa-387b-4814-9c6e-2cfdd1af0869":{"value":"Switches","selected":0}},"current_items":"1","last_updated":"2025-12-09T14:24:53.729370","eval_nomatch":"0","eval_match":"0","in_block_p":"0","in_block_b":"0","in_pass_p":"0","in_pass_b":"0","out_block_p":"0","out_block_b":"0","out_pass_p":"0","out_pass_b":"0","description":""},"__wan_network":{"enabled":"1","name":"__wan_network","type":{"host":{"value":"Host(s)","selected":0},"network":{"value":"Network(s)","selected":0},"port":{"value":"Port(s)","selected":0},"url":{"value":"URL (IPs)","selected":0},"urltable":{"value":"URL Table (IPs)","selected":0},"urljson":{"value":"URL Table in JSON format (IPs)","selected":0},"geoip":{"value":"GeoIP","selected":0},"networkgroup":{"value":"Network group","selected":0},"mac":{"value":"MAC address","selected":0},"asn":{"value":"BGP ASN","selected":0},"dynipv6host":{"value":"Dynamic IPv6 Host","selected":0},"authgroup":{"value":"OpenVPN group","selected":0},"internal":{"value":"Internal (automatic)","selected":1},"external":{"value":"External (advanced)","selected":0}},"path_expression":"","proto":{"IPv4":{"value":"IPv4","selected":0},"IPv6":{"value":"IPv6","selected":0}},"interface":{"":{"value":"None","selected":1},"lan":{"value":"LAN","selected":0},"wan":{"value":"WAN","selected":0}},"counters":"","updatefreq":"","content":{"":{"value":"","selected":1}},"password":"","username":"","authtype":{"":{"value":"None","selected":1},"Basic":{"value":"Basic","selected":0},"Bearer":{"value":"Bearer","selected":0},"Header":{"value":"Header","selected":0}},"expire":"","categories":{"b7e1b92a-764f-4024-a9c4-4caa2f0a5c4f":{"value":"Hosts","selected":0},"1fc36d4a-aa9e-4167-b1c9-3fe52b3d921b":{"value":"Routers","selected":0},"953f55fa-387b-4814-9c6e-2cfdd1af0869":{"value":"Switches","selected":0}},"current_items":"1","last_updated":"","eval_nomatch":"0","eval_match":"0","in_block_p":"0","in_block_b":"0","in_pass_p":"0","in_pass_b":"0","out_block_p":"0","out_block_b":"0","out_pass_p":"0","out_pass_b":"0","description":"wan net"},"__lan_network":{"enabled":"1","name":"__lan_network","type":{"host":{"value":"Host(s)","selected":0},"network":{"value":"Network(s)","selected":0},"port":{"value":"Port(s)","selected":0},"url":{"value":"URL (IPs)","selected":0},"urltable":{"value":"URL Table (IPs)","selected":0},"urljson":{"value":"URL Table in JSON format (IPs)","selected":0},"geoip":{"value":"GeoIP","selected":0},"networkgroup":{"value":"Network group","selected":0},"mac":{"value":"MAC address","selected":0},"asn":{"value":"BGP ASN","selected":0},"dynipv6host":{"value":"Dynamic IPv6 Host","selected":0},"authgroup":{"value":"OpenVPN group","selected":0},"internal":{"value":"Internal (automatic)","selected":1},"external":{"value":"External (advanced)","selected":0}},"path_expression":"","proto":{"IPv4":{"value":"IPv4","selected":0},"IPv6":{"value":"IPv6","selected":0}},"interface":{"":{"value":"None","selected":1},"lan":{"value":"LAN","selected":0},"wan":{"value":"WAN","selected":0}},"counters":"","updatefreq":"","content":{"":{"value":"","selected":1}},"password":"","username":"","authtype":{"":{"value":"None","selected":1},"Basic":{"value":"Basic","selected":0},"Bearer":{"value":"Bearer","selected":0},"Header":{"value":"Header","selected":0}},"expire":"","categories":{"b7e1b92a-764f-4024-a9c4-4caa2f0a5c4f":{"value":"Hosts","selected":0},"1fc36d4a-aa9e-4167-b1c9-3fe52b3d921b":{"value":"Routers","selected":0},"953f55fa-387b-4814-9c6e-2cfdd1af0869":{"value":"Switches","selected":0}},"current_items":"1","last_updated":"","eval_nomatch":"0","eval_match":"0","in_block_p":"0","in_block_b":"0","in_pass_p":"0","in_pass_b":"0","out_block_p":"0","out_block_b":"0","out_pass_p":"0","out_pass_b":"0","description":"lan net"},"__lo0_network":{"enabled":"1","name":"__lo0_network","type":{"host":{"value":"Host(s)","selected":0},"network":{"value":"Network(s)","selected":0},"port":{"value":"Port(s)","selected":0},"url":{"value":"URL (IPs)","selected":0},"urltable":{"value":"URL Table (IPs)","selected":0},"urljson":{"value":"URL Table in JSON format (IPs)","selected":0},"geoip":{"value":"GeoIP","selected":0},"networkgroup":{"value":"Network group","selected":0},"mac":{"value":"MAC address","selected":0},"asn":{"value":"BGP ASN","selected":0},"dynipv6host":{"value":"Dynamic IPv6 Host","selected":0},"authgroup":{"value":"OpenVPN group","selected":0},"internal":{"value":"Internal (automatic)","selected":1},"external":{"value":"External (advanced)","selected":0}},"path_expression":"","proto":{"IPv4":{"value":"IPv4","selected":0},"IPv6":{"value":"IPv6","selected":0}},"interface":{"":{"value":"None","selected":1},"lan":{"value":"LAN","selected":0},"wan":{"value":"WAN","selected":0}},"counters":"","updatefreq":"","content":{"":{"value":"","selected":1}},"password":"","username":"","authtype":{"":{"value":"None","selected":1},"Basic":{"value":"Basic","selected":0},"Bearer":{"value":"Bearer","selected":0},"Header":{"value":"Header","selected":0}},"expire":"","categories":{"b7e1b92a-764f-4024-a9c4-4caa2f0a5c4f":{"value":"Hosts","selected":0},"1fc36d4a-aa9e-4167-b1c9-3fe52b3d921b":{"value":"Routers","selected":0},"953f55fa-387b-4814-9c6e-2cfdd1af0869":{"value":"Switches","selected":0}},"current_items":"2","last_updated":"","eval_nomatch":"0","eval_match":"0","in_block_p":"0","in_block_b":"0","in_pass_p":"0","in_pass_b":"0","out_block_p":"0","out_block_b":"0","out_pass_p":"0","out_pass_b":"0","description":"Loopback net"},"bogons":{"enabled":"1","name":"bogons","type":{"host":{"value":"Host(s)","selected":0},"network":{"value":"Network(s)","selected":0},"port":{"value":"Port(s)","selected":0},"url":{"value":"URL (IPs)","selected":0},"urltable":{"value":"URL Table (IPs)","selected":0},"urljson":{"value":"URL Table in JSON format (IPs)","selected":0},"geoip":{"value":"GeoIP","selected":0},"networkgroup":{"value":"Network group","selected":0},"mac":{"value":"MAC address","selected":0},"asn":{"value":"BGP ASN","selected":0},"dynipv6host":{"value":"Dynamic IPv6 Host","selected":0},"authgroup":{"value":"OpenVPN group","selected":0},"internal":{"value":"Internal (automatic)","selected":0},"external":{"value":"External (advanced)","selected":1}},"path_expression":"","proto":{"IPv4":{"value":"IPv4","selected":0},"IPv6":{"value":"IPv6","selected":0}},"interface":{"":{"value":"None","selected":1},"lan":{"value":"LAN","selected":0},"wan":{"value":"WAN","selected":0}},"counters":"","updatefreq":"","content":{"":{"value":"","selected":1}},"password":"","username":"","authtype":{"":{"value":"None","selected":1},"Basic":{"value":"Basic","selected":0},"Bearer":{"value":"Bearer","selected":0},"Header":{"value":"Header","selected":0}},"expire":"","categories":{"b7e1b92a-764f-4024-a9c4-4caa2f0a5c4f":{"value":"Hosts","selected":0},"1fc36d4a-aa9e-4167-b1c9-3fe52b3d921b":{"value":"Routers","selected":0},"953f55fa-387b-4814-9c6e-2cfdd1af0869":{"value":"Switches","selected":0}},"current_items":"2868","last_updated":"","eval_nomatch":"0","eval_match":"0","in_block_p":"0","in_block_b":"0","in_pass_p":"0","in_pass_b":"0","out_block_p":"0","out_block_b":"0","out_pass_p":"0","out_pass_b":"0","description":"bogon networks (internal)"},"bogonsv6":{"enabled":"1","name":"bogonsv6","type":{"host":{"value":"Host(s)","selected":0},"network":{"value":"Network(s)","selected":0},"port":{"value":"Port(s)","selected":0},"url":{"value":"URL (IPs)","selected":0},"urltable":{"value":"URL Table (IPs)","selected":0},"urljson":{"value":"URL Table in JSON format (IPs)","selected":0},"geoip":{"value":"GeoIP","selected":0},"networkgroup":{"value":"Network group","selected":0},"mac":{"value":"MAC address","selected":0},"asn":{"value":"BGP ASN","selected":0},"dynipv6host":{"value":"Dynamic IPv6 Host","selected":0},"authgroup":{"value":"OpenVPN group","selected":0},"internal":{"value":"Internal (automatic)","selected":0},"external":{"value":"External (advanced)","selected":1}},"path_expression":"","proto":{"IPv4":{"value":"IPv4","selected":0},"IPv6":{"value":"IPv6","selected":0}},"interface":{"":{"value":"None","selected":1},"lan":{"value":"LAN","selected":0},"wan":{"value":"WAN","selected":0}},"counters":"","updatefreq":"","content":{"":{"value":"","selected":1}},"password":"","username":"","authtype":{"":{"value":"None","selected":1},"Basic":{"value":"Basic","selected":0},"Bearer":{"value":"Bearer","selected":0},"Header":{"value":"Header","selected":0}},"expire":"","categories":{"b7e1b92a-764f-4024-a9c4-4caa2f0a5c4f":{"value":"Hosts","selected":0},"1fc36d4a-aa9e-4167-b1c9-3fe52b3d921b":{"value":"Routers","selected":0},"953f55fa-387b-4814-9c6e-2cfdd1af0869":{"value":"Switches","selected":0}},"current_items":"0","last_updated":"","eval_nomatch":"0","eval_match":"0","in_block_p":"0","in_block_b":"0","in_pass_p":"0","in_pass_b":"0","out_block_p":"0","out_block_b":"0","out_pass_p":"0","out_pass_b":"0","description":"bogon networks IPv6 (internal)"},"virusprot":{"enabled":"1","name":"virusprot","type":{"host":{"value":"Host(s)","selected":0},"network":{"value":"Network(s)","selected":0},"port":{"value":"Port(s)","selected":0},"url":{"value":"URL (IPs)","selected":0},"urltable":{"value":"URL Table (IPs)","selected":0},"urljson":{"value":"URL Table in JSON format (IPs)","selected":0},"geoip":{"value":"GeoIP","selected":0},"networkgroup":{"value":"Network group","selected":0},"mac":{"value":"MAC address","selected":0},"asn":{"value":"BGP ASN","selected":0},"dynipv6host":{"value":"Dynamic IPv6 Host","selected":0},"authgroup":{"value":"OpenVPN group","selected":0},"internal":{"value":"Internal (automatic)","selected":0},"external":{"value":"External (advanced)","selected":1}},"path_expression":"","proto":{"IPv4":{"value":"IPv4","selected":0},"IPv6":{"value":"IPv6","selected":0}},"interface":{"":{"value":"None","selected":1},"lan":{"value":"LAN","selected":0},"wan":{"value":"WAN","selected":0}},"counters":"","updatefreq":"","content":{"":{"value":"","selected":1}},"password":"","username":"","authtype":{"":{"value":"None","selected":1},"Basic":{"value":"Basic","selected":0},"Bearer":{"value":"Bearer","selected":0},"Header":{"value":"Header","selected":0}},"expire":"3600","categories":{"b7e1b92a-764f-4024-a9c4-4caa2f0a5c4f":{"value":"Hosts","selected":0},"1fc36d4a-aa9e-4167-b1c9-3fe52b3d921b":{"value":"Routers","selected":0},"953f55fa-387b-4814-9c6e-2cfdd1af0869":{"value":"Switches","selected":0}},"current_items":"0","last_updated":"","eval_nomatch":"4562325","eval_match":"0","in_block_p":"0","in_block_b":"0","in_pass_p":"0","in_pass_b":"0","out_block_p":"0","out_block_b":"0","out_pass_p":"0","out_pass_b":"0","description":"overload table for rate limiting (internal)"},"sshlockout":{"enabled":"1","name":"sshlockout","type":{"host":{"value":"Host(s)","selected":0},"network":{"value":"Network(s)","selected":0},"port":{"value":"Port(s)","selected":0},"url":{"value":"URL (IPs)","selected":0},"urltable":{"value":"URL Table (IPs)","selected":0},"urljson":{"value":"URL Table in JSON format (IPs)","selected":0},"geoip":{"value":"GeoIP","selected":0},"networkgroup":{"value":"Network group","selected":0},"mac":{"value":"MAC address","selected":0},"asn":{"value":"BGP ASN","selected":0},"dynipv6host":{"value":"Dynamic IPv6 Host","selected":0},"authgroup":{"value":"OpenVPN group","selected":0},"internal":{"value":"Internal (automatic)","selected":0},"external":{"value":"External (advanced)","selected":1}},"path_expression":"","proto":{"IPv4":{"value":"IPv4","selected":0},"IPv6":{"value":"IPv6","selected":0}},"interface":{"":{"value":"None","selected":1},"lan":{"value":"LAN","selected":0},"wan":{"value":"WAN","selected":0}},"counters":"","updatefreq":"","content":{"":{"value":"","selected":1}},"password":"","username":"","authtype":{"":{"value":"None","selected":1},"Basic":{"value":"Basic","selected":0},"Bearer":{"value":"Bearer","selected":0},"Header":{"value":"Header","selected":0}},"expire":"3600","categories":{"b7e1b92a-764f-4024-a9c4-4caa2f0a5c4f":{"value":"Hosts","selected":0},"1fc36d4a-aa9e-4167-b1c9-3fe52b3d921b":{"value":"Routers","selected":0},"953f55fa-387b-4814-9c6e-2cfdd1af0869":{"value":"Switches","selected":0}},"current_items":"0","last_updated":"","eval_nomatch":"1938974","eval_match":"0","in_block_p":"0","in_block_b":"0","in_pass_p":"0","in_pass_b":"0","out_block_p":"0","out_block_b":"0","out_pass_p":"0","out_pass_b":"0","description":"abuse lockout table (internal)"}}}}}
+        """
+        data = self._get('firewall/alias/get')
+        # print(data)
+        return Alias.from_ui_dict(data)

opnsense_api/api/firewall_category_client.py

@@ -0,0 +1,20 @@
+from opnsense_api.base_client import BaseClient
+from opnsense_api.pydantic.Category import Category
+from opnsense_api.pydantic.Result import Result
+from opnsense_api.pydantic.SearchResult import CategorySearchResult
+
+
+class FirewallCategoryClient(BaseClient):
+
+    def firewall_category_add_item(self, category: Category) -> Result:
+        data = self._post('firewall/category/add_item', category)
+        return Result(**data)
+
+    def firewall_category_search_item(self) -> CategorySearchResult:
+        data = self._get('firewall/category/search_item')
+        return CategorySearchResult.from_ui_dict(data, Category)
+
+    def firewall_category_get(self, uuid=None) -> Category:
+        data = self._get('firewall/category/get_item' + self._get_arg_formatter(uuid))
+        # print(data)
+        return Category.from_ui_dict(data)

opnsense_api/api/firewall_dnat_client.py

@@ -0,0 +1,141 @@
+from opnsense_api.base_client import BaseClient
+from opnsense_api.pydantic.DNATRule import Rule as DNATRule
+from opnsense_api.pydantic.Result import Result
+from opnsense_api.pydantic.SearchRequest import SearchRequest
+from opnsense_api.pydantic.SearchResult import DNATRuleSearchResult
+
+
+class FirewallDnatClient(BaseClient):
+    """Client for OPNsense DNAT (Destination NAT / Port Forward) API."""
+
+    def firewall_dnat_search_rule(self, search: SearchRequest = None) -> DNATRuleSearchResult:
+        """
+        Search DNAT (port forward) rules.
+
+        Args:
+            search: Optional search parameters
+
+        Returns:
+            DNATRuleSearchResult with matching rules
+        """
+        data = self._search('firewall/d_nat/searchRule', search)
+        return DNATRuleSearchResult.from_ui_dict(data, DNATRule)
+
+    def firewall_dnat_get_rule(self, uuid: str = None) -> DNATRule:
+        """
+        Get a specific DNAT rule by UUID.
+
+        Args:
+            uuid: UUID of the rule (optional, returns template if None)
+
+        Returns:
+            DNATRule entity
+        """
+        data = self._get('firewall/d_nat/getRule' + self._get_arg_formatter(uuid))
+        return DNATRule.from_ui_dict(data)
+
+    def firewall_dnat_add_rule(self, rule: DNATRule) -> Result:
+        """
+        Add a new DNAT (port forward) rule.
+
+        Args:
+            rule: DNATRule entity to create
+
+        Returns:
+            Result with UUID of created rule
+        """
+        data = self._post('firewall/d_nat/addRule', rule)
+        return Result(**data)
+
+    def firewall_dnat_set_rule(self, uuid: str, rule: DNATRule) -> Result:
+        """
+        Update an existing DNAT rule.
+
+        Args:
+            uuid: UUID of the rule to update
+            rule: Updated DNATRule entity
+
+        Returns:
+            Result object
+        """
+        data = self._post(f'firewall/d_nat/setRule/{uuid}', rule)
+        return Result(**data)
+
+    def firewall_dnat_del_rule(self, uuid: str) -> Result:
+        """
+        Delete a DNAT rule.
+
+        Args:
+            uuid: UUID of the rule to delete
+
+        Returns:
+            Result object
+        """
+        data = self._post(f'firewall/d_nat/delRule/{uuid}', '')
+        return Result(**data)
+
+    def firewall_dnat_toggle_rule(self, uuid: str, disabled: bool = None) -> Result:
+        """
+        Toggle a DNAT rule's enabled state.
+
+        Args:
+            uuid: UUID of the rule to toggle
+            disabled: Optional explicit state (True=disabled, False=enabled)
+
+        Returns:
+            Result object
+        """
+        endpoint = f'firewall/d_nat/toggleRule/{uuid}'
+        if disabled is not None:
+            endpoint += f'/{1 if disabled else 0}'
+        data = self._post(endpoint, '')
+        return Result(**data)
+
+    def firewall_dnat_move_rule_before(self, selected_uuid: str, target_uuid: str) -> dict:
+        """
+        Move a DNAT rule before another rule.
+
+        Args:
+            selected_uuid: UUID of rule to move
+            target_uuid: UUID of target rule (selected will be placed before this)
+
+        Returns:
+            API response dict
+        """
+        return self._get(f'firewall/d_nat/moveRuleBefore/{selected_uuid},{target_uuid}')
+
+    def firewall_dnat_savepoint(self) -> dict:
+        """
+        Create a savepoint for DNAT rules (for rollback).
+
+        Returns:
+            Savepoint revision info
+        """
+        return self._post('firewall/d_nat/savepoint', '')
+
+    def firewall_dnat_apply(self, rollback_revision: str = None) -> Result:
+        """
+        Apply DNAT rule changes.
+
+        Args:
+            rollback_revision: Optional rollback revision
+
+        Returns:
+            Result object
+        """
+        endpoint = 'firewall/d_nat/apply' + self._get_arg_formatter(rollback_revision)
+        data = self._post(endpoint, '')
+        return Result(**data)
+
+    def firewall_dnat_cancel_rollback(self, rollback_revision: str) -> Result:
+        """
+        Cancel a pending DNAT rollback.
+
+        Args:
+            rollback_revision: Rollback revision to cancel
+
+        Returns:
+            Result object
+        """
+        data = self._post(f'firewall/d_nat/cancelRollback/{rollback_revision}', '')
+        return Result(**data)

opnsense_api/api/firewall_filter_client.py

@@ -0,0 +1,95 @@
+from typing import List
+
+from opnsense_api.base_client import BaseClient
+from opnsense_api.pydantic.Rule import Rule
+from opnsense_api.pydantic.Result import Result
+from opnsense_api.pydantic.SearchRequest import SearchRequest
+from opnsense_api.pydantic.SearchResult import RuleSearchResult
+
+
+class FirewallFilterClient(BaseClient):
+
+    def firewall_filter_search_rule(self, search: SearchRequest = None) -> RuleSearchResult:
+        data = self._search('firewall/filter/searchRule', search)
+        return RuleSearchResult.from_ui_dict(data, Rule)
+
+    def firewall_filter_search_rule_by_interface(self, interface: str) -> RuleSearchResult:
+        """
+        Search firewall filter rules for a specific interface.
+
+        Args:
+            interface: Interface identifier (e.g., 'lan', 'wan', 'opt1')
+
+        Returns:
+            RuleSearchResult with rules for that interface
+        """
+        data = self._post('firewall/filter/searchRule', {
+            'current': 1,
+            'rowCount': -1,  # All rows
+            'sort': {},
+            'searchPhrase': '',
+            'interface': interface
+        })
+        return RuleSearchResult.from_ui_dict(data, Rule)
+
+    def firewall_filter_search_all_rules(self) -> List[Rule]:
+        """
+        Fetch all firewall filter rules across all interfaces.
+
+        OPNsense filter rules are organized per interface, so this method:
+        1. Fetches all assigned interfaces
+        2. Searches for rules on each interface using the interface parameter
+        3. Combines results, removing duplicates by UUID
+
+        Returns:
+            List of all Rule entities across all interfaces
+        """
+        # Get all assigned interfaces
+        interfaces = self.interface_overview_export()
+        assigned = interfaces.get_assigned()
+
+        all_rules = {}  # Use dict to deduplicate by UUID
+
+        for iface in assigned:
+            if not iface.identifier:
+                continue
+
+            try:
+                result = self.firewall_filter_search_rule_by_interface(iface.identifier)
+
+                for rule in result.rows:
+                    if rule.uuid and rule.uuid not in all_rules:
+                        all_rules[rule.uuid] = rule
+            except Exception:
+                # Skip interfaces that fail (e.g., no rules configured)
+                continue
+
+        return list(all_rules.values())
+
+    def firewall_filter_get_rule(self, uuid: str = None) -> Rule:
+        data = self._get('firewall/filter/getRule' + self._get_arg_formatter(uuid))
+        return Rule.from_ui_dict(data)
+
+    def firewall_filter_add_rule(self, rule: Rule) -> Result:
+        data = self._post('firewall/filter/addRule', rule)
+        return Result(**data)
+
+    def firewall_filter_set_rule(self, uuid: str, rule: Rule) -> Result:
+        data = self._post(f'firewall/filter/setRule/{uuid}', rule)
+        return Result(**data)
+
+    def firewall_filter_del_rule(self, uuid: str) -> Result:
+        data = self._post(f'firewall/filter/delRule/{uuid}', '')
+        return Result(**data)
+
+    def firewall_filter_savepoint(self) -> dict:
+        return self._post('firewall/filter/savepoint', '')
+
+    def firewall_filter_apply(self, rollback_revision: str = None) -> Result:
+        endpoint = 'firewall/filter/apply' + self._get_arg_formatter(rollback_revision)
+        data = self._post(endpoint, '')
+        return Result(**data)
+
+    def firewall_filter_cancel_rollback(self, rollback_revision: str) -> Result:
+        data = self._post(f'firewall/filter/cancelRollback/{rollback_revision}', '')
+        return Result(**data)