firewall
An all-Rust, modular firewall & router appliance.
A capability-gated plugin system spanning Rust, Lua and Python. A declarative config is validated, encrypted at rest, compiled to an nftables ruleset and pushed to the Linux kernel — under commit-confirm with auto-rollback.
DATA PLANE · SERVICES · HA
A complete edge in one appliance
Stateful data plane
IPv4/IPv6 forward + input chains, L2 transparent bridging, NAT (SNAT/DNAT, reflection, 1:1, masquerade) and NAT64.
Routing
Static + policy routing with multi-WAN ECMP, dynamic routing (BGP / OSPF), and traffic shaping.
IDS / IPS
Inline (NFQUEUE) intrusion prevention with a selectable detection engine — bundled and ready to enforce in-line.
VPN & remote access
WireGuard with road-warrior provisioning (QR), OpenVPN, IPsec, a captive portal and automated certificates (ACME).
eBPF/XDP & threat intel
An eBPF/XDP fast-path drop list, threat-intel feeds and GeoIP country sets enforced at the line rate.
High availability
VRRP failover with config sync between peers, plus a built-in L7 load balancer — all supervised with auto-restart.
EVERYTHING INCLUDED
Full capability list
One appliance, one declarative config — from packet filtering to plugins.
Firewalling
- Stateful IPv4 / IPv6 forward + input chains
- L2 transparent bridging
- NAT — SNAT/DNAT, reflection, 1:1, masquerade
- NAT64
- eBPF/XDP fast-path drop list
Routing
- Static & policy routing
- Multi-WAN with ECMP
- Dynamic routing (BGP / OSPF)
- Traffic shaping / QoS
Threat intelligence
- Threat-intel feeds
- GeoIP country sets
- Blocklists (incl. plugin-contributed)
IDS / IPS
- Inline (NFQUEUE) enforcement
- Selectable detection engine
Web & load balancing
- L7 load balancer
- Web application firewall (WAF)
VPN & remote access
- WireGuard (road-warrior + QR)
- OpenVPN
- IPsec
- Captive portal
- Automated certificates (ACME)
Network services
- DHCP server
- DNS resolver
- Supervised (auto-restart + graceful shutdown)
High availability
- VRRP failover
- Config sync between peers
Security & access
- Forced HTTPS
- argon2 + TOTP, login lockout
- RBAC (admin / operator / viewer)
- Per-user audit + secret redaction
- CSRF + security headers
- Secrets encrypted at rest
Plugins
- Capability-gated, default-deny host
- Rust/WASM, Lua & Python
- ed25519-signed over the whole directory
- Trust-store signature verification
Config & control
- Declarative TOML, compiled to nftables
- Commit-confirm with auto-rollback
- Encrypted-at-rest store + schema versioning
- gRPC API · web UI · CLI
Ops & deploy
- Backup / restore
- Structured logging + metrics endpoint
- Immutable Linux host (Secure Boot + dm-verity)
- x86-64 and ARM (CM4)
COMMIT-CONFIRM · AUTO-ROLLBACK
A wrong rule can't lock you out
Configuration is declarative TOML, driven over a gRPC API, a server-rendered web UI, or the CLI. It is validated and compiled before it ever touches the kernel — and reverts itself if you don't confirm.
UNDER THE HOOD
Technical profile
gRPC API, a server-rendered web UI, and a CLInftables ruleset + an eBPF/XDP fast-path drop listRust / Lua / Python — ed25519-signed and capability-gated