25.7.8

Major changes

• unbound_dnsbl Module/API is not backward compatible

Features

• unbound_dnsbl migration to multi-entry capability (#358, Documentation @superstes)
• haproxy_acl, haproxy_action, haproxy_errorfile, haproxy_fcgi, haproxy_lua (#331, Documentation @MaximeWewer @superstes)

Project

• Improved docs-check CI (@superstes)
• Docs typo fix (@75ohm)

---

Thanks go to all contributors ❤️

Tested with OPNsense version 25.7.8

---

Support the Open-Source projects that make these modules possible:

• Donate to OPNsense or Buy the Business-Edition
• Donate to the Ansible-Module Maintainers or Buy a Support-License

25.7.7

Major changes

• Mass-Management was again moved to dedicated modules because of cleaner argument-validation (#338, Documentation @superstes @jiuka)

Features

• wazuh_agent (#272, Documentation @MaximeWewer @superstes)
• haproxy_cpu, haproxy_general_cache, haproxy_general_defaults, haproxy_general_logging, haproxy_general_peers, haproxy_general_settings, haproxy_general_stats, haproxy_general_tuning, haproxy_group, haproxy_maintenance, haproxy_user (#309, Documentation @MaximeWewer @superstes @jiuka)

Fixes

• Fixes for API-changes of OPNsense version 25.7.4 - 25.7.7 (#344 @superstes)
• Fixes for abstracted Mass-Management (@superstes @jiuka)
• interface_lagg - make lagghash optional (#312 @calvinbui @superstes)
• gateway - data_length default (#322 @calvinbui)
• dnsmasq_* reload fixes (#328 @calvinbui)
• gateway - make IP optional (#323 @calvinbui @superstes)
• wireguard_server - make public-key optional (#342 @calvinbui @superstes)

Project

• Extended and improved tests (@superstes)

---

Thanks go to all contributors ❤️

Tested with OPNsense version 25.7.7_4

25.7.3

Project

• NOTICE: The collection name was changed from ansibleguy.opnsense => oxlorg.opnsense (Ansible Galaxy)

• From now on the version-schema will follow the OPNsense releases so its clear which collection-version can be used for which OPNsense-version.

  Note: Sadly Multi-Version Handling is currently not (yet) viable as this project is unfunded.

---

1.2.16

Tested with OPNsense Version: 25.7.3

Deprecations

• These existing mass-management modules were deprecated in favor of the new abstracted logic:
  • alias_multi
  • alias_purge
  • rule_multi
  • rule_purge
  • bind_record_multi

Features

• New abstracted entry mass-management (User Docs, Dev Docs, #185 @superstes @jiuka)
• dnsmasq_* Modules (#240 #307 @jiuka @kalsto @superstes)
• user, group and privilege Modules (#139 @jiuka)
• ipsec_general Module (#304 @jiuka)
• interface_gif Module (#291 @jiuka)
• interface_bridge Module (#291 @jiuka)
• neighbor Module (#291 @jiuka)
• alias support for urljson (#288 @jiuka)
• frr_bgp_peer_group add parameter listen_ranges (#267 @superstes @Syndlex)
• openvpn_client & openvpn_server new parameters (#292 @jiuka)
• rule support for icmp_type (#293 @superstes @drobnymichal)
• ipsec_connection, ipsec_vti, ipsec_pool new parameters (#304 @jiuka)
• interface_vxlan port config (#239 @Neos3452)
• Internal: Support to translate nested API-keys (#286 @jiuka)

Fixes

• Failure with Ansible >=2.19 (#269 @Inocious @superstes)
• gateway Module API-fix for OPNsense version 25.7.3 (#306 @superstes)
• ipsec_manual_spd Module API-fix for OPNsense version 25.7.3 (#300 @superstes)
• acme_certificate always changed (#264 @ohartl)
• bind_general field query_acl not working (#268 @koichirok)
• gateway supports gateway-groups/dynamic-gateways (#271 @jiuka @jameseck)
• alias remove updatefreq_days default-value if not required (#281 @superstes @ovv)

Project

• Enabling us to run Integration-Tests for PRs (#255 @superstes)
• New Documentation-Theme (@superstes)
• Abstraction to mock HTTP-requests and -responses for Unit-Tests (Dev Docs, #303 @superstes)
• More Unit-Tests for shared logic (@superstes)

---

Thanks to all contributors ❤️

Base-Modules Unit-Test Coverage: 61%

1.2.15

Tested with OPNSense Version: 25.7.1

Features

• Add Rule-support for TCP/UDP and inet46 (#245 @adrianhiller @superstes)
• Nested alias support (#141 @jiuka)
• Connect to Firewall over HTTPS_PROXY if environment-variable was set (#255 @superstes)

Fixes

• OpenVPN API-Fixes for v25.6 and v25.7 (#229 #252 @Samdotr @superstes)
• Custom-Account for acme_account module (#241 @superstes)
• Fixes for search-API changes (#233 @jiuka)
• Fixes for key_length and ocsp of acme_certificate module (#251 @ohartl)

Project

• Enabling us to run Integration-Tests for PRs (#255 @superstes)

---

Thanks to all contributors ❤️

Support the project: patreon.com/OXL

1.2.14

Tested with OPNSense Version: 25.1.5_5

Features

• FRR BGP/OSPF Route-Redistribution (#206 #215 @jiuka)
• FRR OSPF Network (#203 @jiuka)
• FRR BGP Peer-Group (#198 @jiuka)
• ZFS-Snapshot Module (#205 @jiuka @superstes )
• HA-Sync Modules (#204 @jiuka)
• IPSec-PSK match-fields (#194 @superstes @nerrehmit)

Fixes

• OpenVPN API-Fixes (#214 @jiuka)
• FRR API-Fixes (#196 @jiuka @superstes)
• Nested alias-content and validators-cleanup (#141 @jiuka @superstes )
• FRR OSPF Redistribution (#215 @jiuka)
• FRR BGP Route-Map Diff-Handling (#39 @jiuka)

Project

• CI for Integration-Tests was improved (@superstes)

---

Thanks to all contributors ❤️

Support the project: patreon.com/OXL

1.2.13

⚠️ Security Fixes ⚠️

• API Key and Secret were logged when using api_credential_file (@alteriks @superstes #187)
  If you provided your API-credentials this way - we recommend you to rotate them!
• WireGuard private_key and psk were logged (@alteriks #189)

For more information see: GHSA-hvj8-79wm-m3m7

Features

• VIP Unicast Support (@dreezey #130)
• ACME-Client Modules (@jiuka @superstes #132)
• Kea-DHCP Subnets & General (@woelfle @superstes #135, #136)
• Postfix Modules (@jiuka #140)
• One-to-One NAT Module (@jiuka #146)
• GRE Interface (@jiuka #152)
• IPSec Manual SPD (@jiuka #179)

Fixes

• Many minor fixes (@jiuka @superstes )

Project

• CI for Integration-Tests was improved (@superstes )

1.2.12

Features:

• DHCP Reservations @KalleDK
• DHCP ControlAgent @KalleDK
• Enhanced Developer Documentation
• Raw Python3 Interface/CLI (no Dependency on Ansible) @O-X-L

Fixes:

• Multiple Updates because of OPNSense API-Updates
• Deprecation of Unbound-Domain Module

We wish you happy holidays and hopefully a good next year! ☃️

1.2.11

Features:

• DHCP-Relay Modules @jiuka
• interface_lagg and interface_loopback Modules @jiuka
• unbound_dnsbl Module @jiuka

Fixes:

• Fixed Bind MX-Type validation
• Deny system-actions if upgrade is running
• Fixed Rule bugs @jiuka

1.2.10

Features:

• nginx_general and nginx_upstream_server Modules (#64) @atammy-narmi
• gateway Module (#81) @kdhlab
• rule_interface_group Module (#84) @jiuka
• Better error message on connection errors

Fixes:

• Connect to firewall over IPv6 (#82)
• Enable rule and rule_multi to use port-aliases and port-ranges (#86)
• Virtual-Environment fixes (#79)
• Add warning to system-upgrade module (#80)
• Multiple minor fixes