Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Roadmap #1

Open
9 of 41 tasks
speatzle opened this issue Feb 28, 2023 · 0 comments
Open
9 of 41 tasks

Roadmap #1

speatzle opened this issue Feb 28, 2023 · 0 comments

Comments

@speatzle
Copy link
Owner

speatzle commented Feb 28, 2023
edited
Loading

Rough Long-term Roadmap of my plans for this Project, Subject to change.

Basics:

  • Everything should be doable via the Backend's JsonRPC API (Potentially over Websockets)
  • Swagger API Docs
  • Everything should be saved in a central JSON Config File (for Easy backup / Restore and Manual Editing)
  • A nftables rules file will be generated from the JSON Config and applied with nft -f (provides crash resiliency and apply on startup)
  • Interfaces configured via networkd
  • If the Backend crashes there should be no impact to Firewalling, Routing or VPN

Roadmap:

  • Basic SPA Frontend (Vue 3)
  • Address Object's
  • Interface configuration
  • Static routes
  • DHCP Server
  • DNS Server
  • NTP Server
  • WireGuard VPN
  • Firewall rule generation
  • NAT Rule Generation
  • Firewall Rule Creation UI
  • Authentication
  • Config / Input Validation
  • Rule Hit Count UI
  • Certificate Management and generation via caddy (use https://github.com/mholt/caddy-events-exec , events: Implement event system caddyserver/caddy#4912 to update cert in nfsense config / trigger service reloads. alternatively write custom module for sending events to nfsense via dbus)
  • Reverse Proxy with Caddy json config
  • Nat rules: automatic firewall rule checkbox
  • Firewall logging
  • install script
  • API Websocket Streams (journalctl logs, PacketCapture and Webshell need constant bidirectional data)
  • Service Log viewer (via journalctl dbus interface)
  • Packet Capture UI (tcpdump/nfdump)
  • Webshell
  • Commit log & Service Error detection
  • Basic CLI configuration
  • Multi-Wan (Balancing / Failover Rules)
  • QOS (Bandwidth limiting / Traffic Priority)
  • IPv6
  • Historic Metrics (Influx/prometheus/snmp)
  • Frontend Metric Graphs
  • Immutable Distro (osTree ? Fedora CoreOS?)
  • Kernel BPF Patch to allow inet table rules to match ipv4 and ipv6 addresses in a single rule using a ipv6 ipset (ipv4 as ipv6)
  • Firewall Zones
  • pppoe
  • IPsec Site-To-Site VPN
  • OpenVPN Client VPN
  • OpenVPN Site-To-Site VPN
  • Snort / Suricata integration
  • BGP / OSPF Routing Support
  • VRRP/CARP/UCARP HA Support
  • Plugin System
@speatzle speatzle pinned this issue Feb 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@speatzle