Q-Feeds Connect Installation under OPNsense 26.1
The open source firewall OPNsense can be enhanced by integrating Q-Feeds firewall blocklists and DNS filter rules that carry the latest threat intelligence. This article shows how to install the Q-Feeds Connect plugin and how to create firewall rules and Unbound DNS filter rules under OPNsense 26.1.
Q-Feeds Connect plugin
Q-Feeds Connect can be installed as a plugin in OPNsense.
Installation of plugin
- Go to System → Firmware → Plugins.
- The "os-q-feeds-connector" plugin is maintained in the OPNsense repository and can be installed directly. To install it, click on the +.
- Q-Feeds Connect has been installed.
- Click on the button to reload the browser.
Configuration of plugin
The plugin has been installed and the configuration can now be made.
- Click on the new menu option Security.
- After this, go to Q-Feeds Connect.
- The settings are configured in the Settings tab.
- Enter your API key. Tick the box next to Register domain feeds to activate the Unbound DNS blocklists from Q-Feeds. After this, click on Apply.
- In the Feeds tab, the loaded IP addresses and domain names are listed.
- Events tab.
Firewall Maximum Table Entries adjustments
The Firewall Maximum Table Entries value can optionally be adjusted.
- Switch to the menu Firewall → Settings → Advanced and scroll to Firewall Maximum Table Entries. Adjust the default value if necessary.
- The current number of entries can be viewed in the menu Firewall → Aliases.
- A Q-Feeds Alias has been created.
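The same check can be made from a shell on the firewall. The following script is an added example, not part of the original article or the plugin: it compares the number of entries in the `__qfeeds_malware_ip` alias table with pf's table-entries limit; the function names and the 80 % warning threshold are assumptions, and the fallback input is constructed.

```shell
#!/bin/sh
# Added example (not from the article): compare the size of the Q-Feeds alias
# table with pf's table-entries limit (Firewall Maximum Table Entries).
ALIAS="__qfeeds_malware_ip"   # alias name as shown in the article

# Read `pfctl -sm` output on stdin, print the table-entries hard limit.
parse_table_limit() {
    awk '$1 == "table-entries" { print $NF }'
}

# Read `pfctl -t <table> -T show` output on stdin, print the number of entries.
count_entries() {
    awk 'NF { n++ } END { print n + 0 }'
}

# check_alias ENTRIES LIMIT [WARN_PERCENT]   (WARN_PERCENT is an assumed default)
# Returns 0 = ok, 1 = close to the limit, 2 = alias empty, 3 = limit unknown.
check_alias() {
    entries=$1; limit=$2; warn=${3:-80}
    if ! [ "$limit" -gt 0 ] 2>/dev/null; then
        echo "UNKNOWN: could not read the table-entries limit"; return 3
    fi
    if [ "$entries" -eq 0 ]; then
        echo "CRITICAL: $ALIAS is empty, the block rules match nothing"; return 2
    fi
    pct=$(( entries * 100 / limit ))
    if [ "$pct" -ge "$warn" ]; then
        echo "WARNING: $ALIAS uses $entries of $limit entries (${pct}%)"; return 1
    fi
    echo "OK: $ALIAS uses $entries of $limit entries (${pct}%)"; return 0
}

if command -v pfctl >/dev/null 2>&1; then
    # On the firewall: query pf directly (needs root).
    limit=$(pfctl -sm | parse_table_limit)
    entries=$(pfctl -t "$ALIAS" -T show 2>/dev/null | count_entries)
else
    # Elsewhere: constructed sample output, documentation addresses only.
    limit=$(printf 'states        hard limit   100000\ntable-entries hard limit  1000000\n' | parse_table_limit)
    entries=$(printf '   192.0.2.10\n   198.51.100.0/24\n   203.0.113.7\n' | count_entries)
fi
check_alias "$entries" "$limit"
```

The limit applies to all pf tables combined, so entries in other aliases count toward it as well.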
Q-Feeds firewall rule configuration
After installation and configuration of the plugin, the firewall rules can be set. In this example, the Q-Feeds blocklist is activated on the LAN and WAN interface.
Block rule for outbound traffic on the LAN interface
For a LAN interface, a suitable rule would be one that blocks all incoming LAN traffic destined for addresses included in the block list.
- Go to the menu Firewall → Rules [new] and click on the +.
- Enter a description and assign the LAN interface to the rule.
- For Action, select Block.
- Destination is the Alias __qfeeds_malware_ip.
- Click on Save.
- Tick the checkbox next to the new rule and click on the arrow at the Allow from LAN rule. As a result, the block rule is processed before the allow rule.
- Click on Apply.
Block rule for incoming traffic on the WAN interface
For a WAN interface, a suitable rule would be one that blocks all incoming WAN traffic from source IP addresses included in the Q-Feeds blocklist.
- Go to the menu Firewall → Rules [new] and click on the +.
- Enter a description and assign the WAN interface to the rule.
- For Action, select Block.
- Source is the Alias __qfeeds_malware_ip.
- Click on Save.
- Tick the box next to the new rule and click the arrow next to the Allow from WAN net rule. As a result, the block rule is processed before the allow rule.
- Click on Apply.
More settings on Unbound DNS
With Q-Feeds Plus (only OSINT) and Premium (OSINT and Paid), DNS requests can be filtered with Unbound DNS. The DNS filter rules are activated automatically.
- You can activate the Unbound DNS reporting. Click on Reporting → Settings and allow the local collection of statistics on Unbound. Click on Save.
- The size of the blocklist is now displayed.
Author: Thomas Niedermeier
Thomas Niedermeier, working in the product management team at Thomas-Krenn, completed his bachelor's degree in business informatics at the Deggendorf University of Applied Sciences. Thomas has been employed at Thomas-Krenn since 2013 and takes care of OPNsense firewalls, the Thomas-Krenn-Wiki and firmware security updates.

Translator: Alina Ranzinger
Alina has been working at Thomas-Krenn.AG since 2024. After her training as a multilingual business assistant, she got her job as assistant of the Product Management and is responsible for the translation of texts and for the organisation of the department.



