OPNsense-Exporter

Docker app from Florian Dambrine's Repository

Overview

OPNsense Exporter - Prometheus exporter for OPNsense firewalls. Collects and exposes metrics from OPNsense via its REST API, including ARP tables, DNS (Unbound), WireGuard, OpenVPN, IPsec, firewall statistics, and firmware information.

Runtime arguments

Web UI: http://[IP]:[PORT:8080]/metrics
Network: bridge
Privileged: false

Template configuration

Metrics PortPorttcp

Port on which the /metrics endpoint is exposed for Prometheus scraping.

Target: 8080
Default: 8080
Value: 8080

OPNsense ProtocolVariable

Protocol used to reach the OPNsense API. Use 'https' (recommended) or 'http'.

Target: OPNSENSE_EXPORTER_OPS_PROTOCOL
Default: https
Value: https

OPNsense AddressVariable

Hostname or IP address of the OPNsense firewall (e.g. 192.168.1.1 or opnsense.lan). Do NOT include the protocol prefix.

Target: OPNSENSE_EXPORTER_OPS_API

OPNsense API KeyVariable

API key generated for the read-only OPNsense user (System > Access > Users).

Target: OPNSENSE_EXPORTER_OPS_API_KEY

OPNsense API SecretVariable

API secret generated for the read-only OPNsense user (System > Access > Users).

Target: OPNSENSE_EXPORTER_OPS_API_SECRET

Skip TLS VerificationVariable

Set to 'true' to disable TLS certificate verification (useful for self-signed certs). Not recommended in production.

Target: OPNSENSE_EXPORTER_OPS_INSECURE
Default: false
Value: false

Instance LabelVariable

Label added to all metrics to identify this OPNsense instance. Useful when scraping multiple firewalls.

Target: OPNSENSE_EXPORTER_INSTANCE_LABEL
Default: opnsense
Value: opnsense

Log LevelVariable

Log verbosity. Options: debug, info, warn, error.

Target: OPNSENSE_EXPORTER_LOG_LEVEL
Default: info
Value: info

Disable ARP TableVariable

Set to 'true' to disable ARP table metric collection.

Target: OPNSENSE_EXPORTER_DISABLE_ARP_TABLE
Default: false
Value: false

Disable Unbound DNSVariable

Set to 'true' to disable Unbound DNS metric collection.

Target: OPNSENSE_EXPORTER_DISABLE_UNBOUND
Default: false
Value: false

Disable WireGuardVariable

Set to 'true' to disable WireGuard VPN metric collection.

Target: OPNSENSE_EXPORTER_DISABLE_WIREGUARD
Default: false
Value: false

Disable OpenVPNVariable

Set to 'true' to disable OpenVPN metric collection.

Target: OPNSENSE_EXPORTER_DISABLE_OPENVPN
Default: false
Value: false

Disable IPsecVariable

Set to 'true' to disable IPsec VPN metric collection.

Target: OPNSENSE_EXPORTER_DISABLE_IPSEC
Default: false
Value: false

Disable FirewallVariable

Set to 'true' to disable firewall statistics metric collection.

Target: OPNSENSE_EXPORTER_DISABLE_FIREWALL
Default: false
Value: false

Disable FirmwareVariable

Set to 'true' to disable firmware information metric collection.

Target: OPNSENSE_EXPORTER_DISABLE_FIRMWARE
Default: false
Value: false

Disable Cron TableVariable

Set to 'true' to disable cron task metric collection.

Target: OPNSENSE_EXPORTER_DISABLE_CRON_TABLE
Default: false
Value: false

Disable Exporter MetricsVariable

Set to 'true' to exclude internal Go/process metrics from the /metrics output.

Target: OPNSENSE_EXPORTER_DISABLE_EXPORTER_METRICS
Default: false
Value: false

Links

Template Support Registry Project

Details

Repository

ghcr.io/athennamind/opnsense-exporter

Registry

https://github.com/AthennaMind/opnsense-exporter/pkgs/container/opnsense-exporter

Last Updated2026-05-31

First Seen2026-04-07

Run OPNsense-Exporter on Unraid.

OPNsense-Exporter is listed in Community Apps for Unraid OS. Explore Unraid to build a flexible home server, NAS, or homelab.

Explore Unraid OS