easywall
Your firewall. Your rules. No surprises.
Linux firewall management with a web interface — built for 2026. Go, nftables via direct netlink, two-process isolation, Argon2id auth. Security problems addressed at the root.
Architecture
The web process never touches the firewall directly. All changes go through a typed socket protocol to a privileged core daemon. Privilege escalation from the web process is structurally impossible.
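One way the privileged side of such a typed protocol can validate what the web process sends, as an added example that is not easywall's own code. The JSON encoding, the `Request` fields, the operation names and `ParseRequest` are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"net/netip"
)

// Request is a hypothetical message from the web process to the core.
// Field names and the JSON encoding are assumptions for this example.
type Request struct {
	Op     string `json:"op"`     // "add_rule" or "remove_rule"
	Proto  string `json:"proto"`  // "tcp" or "udp"
	Port   uint16 `json:"port"`   // uint16 makes values above 65535 a decode error
	Source string `json:"source"` // CIDR prefix, e.g. "192.0.2.0/24"
}

var allowedOps = map[string]bool{"add_rule": true, "remove_rule": true}

// ParseRequest decodes strictly, then checks every field against a closed set.
func ParseRequest(raw []byte) (Request, error) {
	var r Request
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields() // extra keys are an error, not silently ignored
	if err := dec.Decode(&r); err != nil {
		return Request{}, fmt.Errorf("decode: %w", err)
	}
	if !allowedOps[r.Op] {
		return Request{}, fmt.Errorf("unknown op %q", r.Op)
	}
	if r.Proto != "tcp" && r.Proto != "udp" {
		return Request{}, fmt.Errorf("unknown proto %q", r.Proto)
	}
	if r.Port == 0 {
		return Request{}, errors.New("port must be 1-65535")
	}
	if _, err := netip.ParsePrefix(r.Source); err != nil {
		return Request{}, fmt.Errorf("source: %w", err)
	}
	return r, nil
}

func main() {
	// Constructed sample message, not captured from a real deployment.
	r, err := ParseRequest([]byte(`{"op":"add_rule","proto":"tcp","port":22,"source":"192.0.2.0/24"}`))
	fmt.Println(r, err)
}
```

Because every field is a fixed type checked against a closed set, nothing the web process sends is ever interpreted as a command string by the privileged side.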
Features
nftables via netlink
Direct kernel API — no subprocess, no shell injection risk.
Two-step activation
Apply rules, confirm over SSH — auto-rollback on timeout.
Docker coexistence
Own table inet easywall — never touches Docker's chains.
Protection modules
SYN flood, port scan, bogon filter, ICMP flood, and more.
i18n
English & German, extensible via JSON locale files.
Export / Import
Full JSON rule backups — downloadable and re-uploadable.
Quick Start
Debian / Ubuntu
wget https://github.com/jp1337/easywall/releases/latest/download/easywall_amd64.deb
sudo dpkg -i easywall_amd64.deb || sudo apt-get install -f
xdg-open https://localhost:12227
Docker
git clone https://github.com/jp1337/easywall.git
cd easywall
docker compose up -d
Open https://localhost:12227 and complete the first-run wizard.
The Compose file sets network_mode: host and adds the NET_ADMIN capability so the core can manage nftables on the host kernel. Both are required for a host-level firewall.
Why easywall in 2026?
Linux servers — and increasingly Linux desktops — remain high-value targets. Many hosting providers offer no upstream firewall, leaving individual machines exposed. The Linux desktop market share is growing, developer laptops run on Linux, and simple firewall tools are scarce.
easywall fills this gap for those who are not nftables experts.
The original easywall (Python/Flask/iptables, v0.3.1) was archived after a CVE. This rewrite addresses the root causes: no subprocess execution, no shared-privilege IPC, no weak password hashing.