We are excited to announce the release of NethSecurity RC1.
This Release Candidate 1 focuses on:
- bug fixes
- centralized controller
- improvements to the migration process from NethServer 7.
Try it 
New Features and Improvements
- NethSecurity has been rebased on OpenWrt 23.05.3.
- Port forwards now support port ranges in the source port field.
- Firewall rules now support IP ranges as destination rules.
- Backup files can now be downloaded from the UI even if the machine has an enterprise subscription and the remote backup server is not available.
- We've improved the visualization of the threat shield page for firewalls without Internet access.
- Subscriptions will now be shown even if the machine has no Internet access.
- We've improved the management of the balance policy configuration in MultiWAN.
- The up/down status of network interfaces on the Network page now accurately reflects the cable status instead of the kernel status.
- We've improved the visualization of disabled firewall rules.
- An option to enable the privacy policy link during login has been added.
- Remote support (don) now allows access to the UI and preserves the session after a firewall restart.
- Users now support bind on remote LDAP user databases.
NethSecurity Controller (Preview)
The NethSecurity Controller is an application for NethServer 8 (NS8) that allows remote control of multiple NethSecurity installations, called units.
It provides centralized management, secure communication, easy configuration, monitoring and logging, metrics visualization, and web-based SSH access.
Users and administrator
Installation and configuration can be done from the NS8 web interface. The controller supports two types of users: a single administrator and many standard users. The administrator can create and manage users.
Logs and statistics
Units, or firewalls managed by the controller, can be added via the controller web interface. Logs from units are sent using the syslog protocol and can be viewed in a specific Grafana dashboard.
Each unit also exports its own statistics using netdata in the Prometheus format, which can also be viewed within the Grafana dashboard.
Web-based SSH client
SSH access to the unit is possible through a web-based SSH client. Users can connect using a username and password or an SSH key pair. All operations performed on the controller are logged to the NS8 log.
NethSecurity Controller released as OSS NethServer 8 app
The Controller is released under the GPL license; the source code can be found here.
NethSecurity Controller permits a maximum of 3 unit registrations and should be installed as an app on NethServer 8.
Bug Fixes
- 2FA is now enabled for users only after OTP verification.
- IPsec tunnels now correctly associate the ipsecX interface to the selected WAN.
- IPsec now starts after a migration even if the associated WAN is not available.
- We've reworked the network migration process to avoid issues with bonds, bridges, and aliases configuration.
- Bonds and bridges are now displayed on the remapping page during migration.
- We've implemented new upload and download functions for migration, update, and backup to avoid issues with large files.
- Fixed an issue that prevented the DHCP server from starting when DHCP options were present in the configuration.
- DPI now prevents loss of Enterprise signatures after an upgrade.
- Added the ability to recreate a deleted storage partition.
- Fixed creation of VLANs over bridges.
- Fixed the visualization of WAN IPs in port forward and IPsec tunnels. The page now displays all aliases and avoids duplicates even if the WAN is not available.
- The LAN zone is now listed inside hairpin NAT destinations in port forward.
- Fixed an issue that prevented the modification of a P2P tunnel in OpenVPN tunnel.
- WAN interfaces are now correctly sorted by priority on the MultiWAN page.
- WAN aliases are no longer shown inside the policy page on the MultiWAN page.
- Static leases are now hidden inside the dynamic leases tab in DHCP.
- Fixed an issue preventing the modification of a proxy pass rule.
- Fixed default cipher selection for P2P tunnels in OpenVPN tunnel.
- DPI now restarts netifyd after a network configuration change.
- Fixed firewall registration to the FlashStart service.
- Fixed secondary DNS address in FlashStart.
- Fixed duplicated host in source and destination address in firewall rules.
- Fixed bulk user creation for large user lists in OpenVPN Road Warrior.
Known issues
Some limitations are still present in bond management; please refer to the release notes for details.
The list of known bugs can be found here.
Try it! 
Follow the instructions, download and try it
Download
New Board for Project Development and Planning
We moved our roadmap and upcoming features from Trello to GitHub.
NethSecurity official site
During the past months, we have worked on establishing a reference point for the NethSecurity project, especially for those unfamiliar with it who are approaching it for the first time.
Documentation
Read about all features, migration from NS7, and more in the official documentation.
We need your feedback
Your feedback is still very important to further refine NethSecurity in preparation for the upcoming stable version.
Join us in shaping the future of IT security.
Please open a new topic in the NethSecurity category.
Add tags like feature, bug, support.
Why NethSecurity?
With the release of NethServer 8 we abandoned the UTM firewall module included in version 7. Still, we wanted to continue helping those who used NethServer as a firewall gateway in their network. So we decided to create a new Linux open-source project that is highly focused on the firewall, and NethSecurity was born, which is basically a NethServer spinoff with a completely new technological stack.