Simplify OPNsense Rule Management With Categories

In the video below, we'll show how to create and apply categories in OPNsense.
Not only is the ordering of firewall rules important, but you also want to avoid duplicating rules, as that adds to the processing load and affects user performance.
OPNsense doesn't offer separators for rules, but it does provide categories to help rules stand out, and this can greatly simplify rule management.
So in this video we'll go over how to create categories and how to apply them to rules.
Useful links:
https://docs.opnsense.org/manual/firewall_categories.html
https://htmlcolorcodes.com/
Create Categories:
OPNsense doesn't have any built-in categories; instead you have to create your own.
So the first thing you need to do is navigate to Firewall | Categories.
Now click on the + button to create a new one.
You need to give it a meaningful name, but it's the colour that's most important.
The colour has to be unique for each category, and while there are some basic colours to choose from, you can also create your own.
Personally, I find the slider system frustrating, so instead I use a site like this one: https://htmlcolorcodes.com/
Move the slider and/or target around until you find the colour you want, then copy the hex number.
NOTE: You only need the 6 characters and not the #.
You can then paste this into the Color field and hit return, and your category will now have the colour you chose.
Now click Save and you have your new category.
Apply Categories:
You can apply a category while creating a new rule, and you can also do this by editing existing rules.
In either case, look for the Category setting, click in the field and select the category to apply.
You can assign multiple categories, but I prefer to keep things simple.
Once all of your rules have a category, the main benefit is that this helps preserve the ordering, and thus the security.
This is extremely important because you could end up allowing access to something you didn't intend, or even blocking access by accident.
With categories applied, you'll see rules grouped by colour, making it easier to spot a rule that's out of place.
That can be very important because certain vendors sell hardware with poor performance.
While the best practice for performance may be to place the most-used rules at the top of the list, this can break your security.
So these rules should certainly go to the top of their group, but not to the top of the list.
It's that colouring that makes it easier to preserve the security ordering.
Categories also make it easier to avoid duplication.
When a firewall has too many rules to process, CPU utilisation can get too high and performance suffers.
It's very common to be told that a new group of users needs access to a system and not notice that a rule already exists for it.
As a result, a new rule is added instead.
By grouping rules together with colouring, it should be easier to spot an existing rule, which can also save you some time.
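The two problems the colouring helps you see by eye, a rule sitting outside its category's block and a rule that duplicates an existing one, can also be checked mechanically. The script below is an added example and is not part of the video or of OPNsense itself; it works on a small constructed rule list rather than OPNsense's real rule export format, and the rule fields, categories and addresses in it are all made up for illustration. It reports any rules whose match criteria are identical, and any rule whose category reappears after a different category has already taken over the list.

```python
from collections import defaultdict
from typing import NamedTuple


class Rule(NamedTuple):
    """Minimal firewall rule model, constructed for this example
    (not OPNsense's own rule or export format)."""
    description: str
    category: str
    action: str
    proto: str
    source: str
    destination: str
    port: str


# Constructed sample rule set, listed in evaluation order. The firewall is
# first-match, so an "Admin" rule placed below a broad block never fires, and
# a second copy of an existing rule only adds processing cost.
RULES = [
    Rule("Allow admin SSH", "Admin", "pass", "tcp", "10.0.1.0/24", "10.0.0.5", "22"),
    Rule("Allow admin HTTPS", "Admin", "pass", "tcp", "10.0.1.0/24", "10.0.0.5", "443"),
    Rule("Block LAN to mgmt", "Block", "block", "any", "10.0.2.0/24", "10.0.0.0/24", "any"),
    Rule("Allow users web", "Users", "pass", "tcp", "10.0.2.0/24", "any", "443"),
    Rule("Allow admin SSH (again)", "Admin", "pass", "tcp", "10.0.1.0/24", "10.0.0.5", "22"),
    Rule("Allow users web dup", "Users", "pass", "tcp", "10.0.2.0/24", "any", "443"),
]


def match_key(rule):
    """The fields that decide what traffic a rule matches.
    Description and category are labels only and are ignored."""
    return (rule.action, rule.proto, rule.source, rule.destination, rule.port)


def find_duplicates(rules):
    """Return lists of rule descriptions that share identical match criteria."""
    groups = defaultdict(list)
    for rule in rules:
        groups[match_key(rule)].append(rule.description)
    return [descs for descs in groups.values() if len(descs) > 1]


def find_out_of_place(rules):
    """Return descriptions of rules that sit outside their category's block,
    i.e. a category that reappears after another category has taken over."""
    closed = set()      # categories whose contiguous block has already ended
    current = None      # category of the block we are currently inside
    flagged = []
    for rule in rules:
        if rule.category != current:
            if current is not None:
                closed.add(current)
            current = rule.category
        if rule.category in closed:
            flagged.append(rule.description)
    return flagged


if __name__ == "__main__":
    for group in find_duplicates(RULES):
        print("duplicate match criteria:", ", ".join(group))
    for desc in find_out_of_place(RULES):
        print("rule outside its category block:", desc)
```

In the sample set, the two "again"/"dup" rules are both reported as duplicates and as out of place, which is exactly what the colour grouping in the GUI makes visible: the fix is to delete the copy rather than add it, and to keep each rule inside its category's block so the security ordering between blocks is not disturbed.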