DEV Community

cylon

[open source] A firewalld-based distributed management platform with a UI for Linux iptables and firewalld

Quick Deployment: Uranus

Best firewalld UI

If you think the project fits your usage scenario, please give me a 🌟🌟🌟!!!

Uranus Gateway

The mission of Uranus is to turn iptables into a tool similar to Aliyun's security groups.

Uranus Gateway is a web UI and OpenAPI for distributed management of iptables rules on Linux machines. It is based on firewalld and translates the whole firewalld D-Bus API into a REST API, essentially for unified management of the iptables rules of all enterprise hosts. It makes the manipulation unified and standardized, so you no longer have to worry about operational errors or difficult management.

Project Show

Architecture

Instantly view firewall status, with rollback and restart operations


You can also add all firewalld rules on Uranus


It also supports the NAT function of iptables, which can be turned on and off with one click

It also supports rich rules, such as traffic rate limiting, network auditing, etc.

Auto discovery

Template management

Of course, the most important part is not the base firewalld functionality itself.

Special features

  • Support for delayed tasks: for example, if Internet access is banned during the Golden Week holiday (China's biggest holiday), the effective period of the rule is 10-1 0:0:00 ~ 10-8 0:0:00, and there is no need to operate on October 1. You can set it before leaving work so that it takes effect on October 1.
  • Support for automatic discovery: similar to the Zabbix automatic host discovery function.
  • No need to deploy an additional agent: firewalld is provided by common Linux distributions (CentOS 7/8/9, Debian 10/11, Ubuntu 20/22 and others can install it with one click), so this system does not need any additional agent installed.
  • Zones are converted to templates: firewalld has the concept of a zone; here I abstract the zone into a template. By applying the template, a group of templates can be generated and applied in batches to a large number of hosts, which makes dynamic switching of the firewall possible.
  • SSO/UUAP: supports OpenLDAP as the backend, providing one-click authentication for enterprises.
  • Timed rules: both iptables and firewalld natively provide rules that take effect at regular intervals, so you can use such rules to complete scheduled tasks.
  • Docker/Kubernetes deployment: can be deployed quickly anywhere for management.
  • Declarative tasks: can issue a large number of rules, provided that your hosts are online.
  • Modular start: you can choose which functions to start.
  • Asynchronous tasks: a declarative API that supports a large number of asynchronous operations.
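The delayed-task and timed-rule items above rely on time windows that iptables and firewalld can already express. The following is an added example, not Uranus code and not a description of how Uranus implements the feature: it turns the Golden Week window into an iptables `-m time` rule (converted to UTC, which the time match uses by default) and into a firewalld runtime rule with `--timeout`. The function names, the UTC+8 host timezone, the year 2030 and the rich rule are assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone

CST = timezone(timedelta(hours=8))  # assumption: hosts use China Standard Time, no DST
FMT = "%Y-%m-%dT%H:%M:%S"

def _utc(t):
    """Format an aware datetime the way --datestart/--datestop expect, in UTC."""
    return t.astimezone(timezone.utc).strftime(FMT)

def iptables_window_rule(start, end, chain="FORWARD"):
    """iptables command that drops traffic only inside the window.

    The xt_time match reads --datestart/--datestop as UTC unless --kerneltz
    is given, so a local-time window must be converted or it fires 8 hours off.
    """
    return ["iptables", "-A", chain, "-m", "time",
            "--datestart", _utc(start), "--datestop", _utc(end), "-j", "DROP"]

def firewalld_plan(now, start, end, rich_rule):
    """Decide what a scheduler should do with a firewalld runtime rule at `now`.

    Returns (action, seconds, command):
      wait    -> seconds until the window opens, nothing to run yet
      apply   -> command to run; --timeout lets firewalld remove the rule itself
      expired -> the window is over, nothing to run
    """
    if now >= end:
        return ("expired", 0, None)
    if now < start:
        return ("wait", int((start - now).total_seconds()), None)
    remaining = int((end - now).total_seconds())
    cmd = ["firewall-cmd", f"--add-rich-rule={rich_rule}", f"--timeout={remaining}"]
    return ("apply", remaining, cmd)

# Constructed sample: the 10-1 0:0:00 ~ 10-8 0:0:00 window; the year is made up.
START = datetime(2030, 10, 1, 0, 0, 0, tzinfo=CST)
END = datetime(2030, 10, 8, 0, 0, 0, tzinfo=CST)
RULE = 'rule family="ipv4" source address="192.0.2.0/24" drop'  # constructed rich rule

if __name__ == "__main__":
    print(" ".join(iptables_window_rule(START, END)))
    for now in (START - timedelta(hours=6), START + timedelta(days=2), END):
        print(now.isoformat(), firewalld_plan(now, START, END, RULE)[:2])
```

A rule added with `--timeout` exists only in the runtime configuration, so a firewalld reload or restart inside the window drops it and the scheduler has to re-apply it with the remaining time.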

Let's quickly explore more functions. In essence, Uranus does not recommend working through the UI, because its functions are relatively simple; using the API lets you embed it better in your own management system.

For deployment problems, you can open an issue directly.

Future

Would you like to manage in distributed mode or in single-node mode, with support for more security policies in the future, for example IP bans, anti-DDoS and the like?
