Firedash is a web interface for the Linux kernel's Netfilter, offering firewall configuration with node-based editing and native support for distributed deployments. This project is currently in the prototyping stage and is thus experimental software.
How it works
Firedash lets you deploy one or more instances of an edge daemon called fired, which runs with elevated privileges and interfaces directly with the Linux kernel to manipulate its Netfilter. These daemons form a network that is controlled by a centralized control server. The daemons and the control server communicate over WebSockets with mutual authentication and support multi-factor authentication for rule application. The control server is administered through a web interface that offers configuration of the servers' routes and firewalls with an intuitive node-based editor.
Features
Planned initial features
- Simple initial setup by copying a command containing a token from the web interface to the server running the edge daemon (the initial key exchange can also be done over TLS for automated deployments)
- Visual node-editor for firewall configuration
- Configure multiple servers at the same time
- Custom presets
- TOTP and FIDO2 for web interface login
- Separate TOTP and FIDO2 pass-through from the web client to the edge daemons for rule application (this mitigates attacks where the control server is compromised)
- Mutual authentication between control server and edge daemon
- Set protected network routes (to prevent getting locked out)
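The MFA pass-through item above is the part of the design that keeps a compromised control server from applying rules on its own. The following is an added example, not Firedash's own code, of what that end-to-end verification looks like: the edge daemon holds its own copy of the user's TOTP secret (RFC 6238, HMAC-SHA1, six digits, 30-second step) and verifies the code itself, while the control server merely relays the code. The class names EdgeDaemon and ControlServer, the rule strings, and the assumption that every daemon shares a per-user TOTP secret are all hypothetical; the secret is the constructed ASCII test secret from the RFC 6238 test vectors.

```python
import hashlib
import hmac
import struct

# Constructed test secret: the ASCII string used by the RFC 4226 / RFC 6238 test vectors.
RFC6238_SECRET = b"12345678901234567890"
STEP_SECONDS = 30
DIGITS = 6


def totp_code(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the 64-bit big-endian time counter, dynamically truncated."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** DIGITS)).zfill(DIGITS)


class EdgeDaemon:
    """Hypothetical stand-in for fired. It keeps the TOTP secret locally and
    applies a rule only after verifying the user's code itself."""

    def __init__(self, secret: bytes, window: int = 1):
        self._secret = secret
        self._window = window      # tolerate +/- this many time steps of clock skew
        self._last_counter = -1    # highest counter already consumed (replay guard)
        self.applied = []          # rules that passed verification, in order

    def apply_rule(self, rule: str, code: str, unix_time: int) -> bool:
        # Reject malformed codes up front so the constant-time compare sees equal-length ASCII.
        if len(code) != DIGITS or not code.isdigit():
            return False
        now_counter = unix_time // STEP_SECONDS
        for skew in range(-self._window, self._window + 1):
            counter = now_counter + skew
            if counter <= self._last_counter:
                continue  # this step was already used: a replayed code is worthless
            expected = totp_code(self._secret, counter * STEP_SECONDS)
            if hmac.compare_digest(expected, code):
                self._last_counter = counter
                self.applied.append(rule)
                return True
        return False


class ControlServer:
    """Relay only: it holds no TOTP secret and forwards the user's code verbatim,
    so compromising this host does not yield the ability to mint valid codes."""

    def __init__(self, daemons: dict):
        self._daemons = daemons

    def forward(self, rule: str, code: str, unix_time: int) -> dict:
        return {name: d.apply_rule(rule, code, unix_time) for name, d in self._daemons.items()}


if __name__ == "__main__":
    server = ControlServer({"edge-a": EdgeDaemon(RFC6238_SECRET), "edge-b": EdgeDaemon(RFC6238_SECRET)})
    now = 59  # RFC 6238 test time: counter 1
    user_code = totp_code(RFC6238_SECRET, now)           # what the user's authenticator shows
    print(server.forward("accept tcp dport 22", user_code, now))  # both daemons accept
    print(server.forward("accept tcp dport 22", user_code, now))  # replay: both reject
    print(server.forward("drop all", "", now))                    # no code from the user: rejected
```

The replay guard records the highest accepted counter, so a code captured in transit (for example by a compromised control server) cannot be reused against the same daemon, and a code never reaches a daemon at all unless the user typed it.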
In the future
- Network routing (via Netlink)
- WireGuard network configuration
- FreeBSD support