NethSecurity 8 final is ready 🛡

We are excited to announce the release of NethSecurity 8.0 final.

This is a special day because 8.0 is the first stable release of the NethSecurity project. :partying_face:

What’s NethSecurity?

NethSecurity is a fully-featured Open Source Linux firewall that streamlines network security deployment in just a few clicks. (spin-off of the NethServer project)

It combines multiple security features into a single platform including firewalling, intrusion detection/prevention, antivirus, multi-WAN, DNS and content filtering, and more.

:point_right: Download and use it! :point_left:

Key Highlights :fire:

New Dashboard

Interfaces and devices



New DPI filter

Apply changes

DNS and DHCP and left menu

Threat Shield Panel

It keeps you safe by blocking attacks from known malicious IP addresses. These addresses are compiled into blocklists, each with a clear name that tells you its purpose and who maintains it. The confidence score is a value from 1 to 10 that indicates the quality of the list.

Modernized Login Experience

Enjoy a redesigned login screen

Certificate and Reverse Proxy Management

Navigate a dedicated page for easy management of certificates and reverse proxy settings. The import process for both configurations has been significantly improved. Now, you can also use DNS verification to request Let’s Encrypt certificates, supporting wildcard certificates.

Firewall Rules Configuration

Added a new page for configuring firewall rules, offering enhanced control. Users are encouraged to use this page for compatibility and optimal performance.

Quality of Service (QoS) Configuration

Tailor your network traffic management with a newly introduced QoS configuration page, ensuring a seamless online experience.

IPsec tunnels

OpenVPN tunnels

Factory reset


Backup, restore and migration


New NethSecurity Controller

The NethSecurity Controller is an application for NethServer 8 (NS8) that allows remote control of multiple NethSecurity installations, called units.

It provides centralized management, secure communication, easy configuration, monitoring and logging, metrics visualization, and web-based SSH access.

Web-based SSH client through controller

SSH access to the unit is possible through a web-based SSH client. Users can connect using a username and password or an SSH key pair. All operations performed on the controller are logged to the NS8 log.

:crystal_ball: What’s next

While NethSecurity 8.0 covers all main use cases, it has not yet reached full feature parity with version 7. Key features that are still missing and require significant effort include Firewall Objects, Reporting, and IPS integration. We are actively working on these and more.

We plan to release a major update in the coming months, which could include:

  • Firewall Objects
  • Reporting
  • Conntrack UI
  • Admin User Management from the UI

It’s important to note that this roadmap is still in its early stages and may evolve based on the feedback collected over the coming months. Your input is invaluable in shaping the direction of NethSecurity, and we appreciate your continued support and engagement.

We are committed to continuous improvement and appreciate your patience as we work to deliver these critical features.

:point_right: Download and use it! :point_left:

:face_holding_back_tears: We need your feedback

Your feedback is still very important to further refine NethSecurity for the next releases.
Join us in shaping the future of IT security.

Please open a new topic in the NethSecurity category
Add tags like feature bug support

:magic_wand: New Features and Improvements since RC2

  • Routes: IPsec rules are now non-editable, ensuring configuration stability.
  • IPsec: Added a validator for remote and local networks to prevent misconfigurations.
  • Autoreload VPN Pages: VPN pages now automatically reload for real-time updates.
  • DHCP: Introduced a network scanning feature to simplify network management.
  • IPsec: Improved handling of multiple networks within a single tunnel, enhancing flexibility.
  • DHCP: The force option for DHCP is now available in the UI for better control.
  • Threat Shield: Enterprise list is now removed upon subscription removal for better resource management.
  • DPI: Premium signatures are removed upon unregistering, keeping the system clean.
  • Subscription: Enhanced the unregister modal for a smoother user experience.
  • Inventory: Basic usage statistics collection to help improve future versions.
  • IPsec: Better exposure of the PFS option for advanced configurations.
  • Dashboard: Added a notification for new available versions to keep your system updated.
  • Firewall Rules: Improved overall page readability for easier rule management.
  • Zones and Policies: Enhanced the drawer for the WAN zone for better navigation.
  • Dashboard: Display a warning if DNS is not configured, ensuring network functionality.
  • NAT Helpers: All NAT helpers are included in the image but disabled by default, offering more options without cluttering the interface.

:bug: Bug Fixes

  • FlashStart: Resolved DNS resolution failures after disabling the service.
  • FlashStart: Fixed initial configuration issues.
  • Let’s Encrypt: Certificates are now properly created.
  • FlashStart: Corrected ineffective redirect rules.
  • Firewall: Fixed issues with ipset not updating after removing an address.
  • Migration: Host groups now import correctly into firewall rules.
  • Firewall Rules: Custom IP addresses can now be inserted.
  • Threat Shield: Immediate application of changes to the allowlist.
  • Migration: IPsec tunnel editing issues resolved.
  • OpenVPN Road Warrior: Users can now be re-created from the LDAP database.
  • OpenVPN RW: Resolved issues with hosts being unreachable in bridged configurations.
  • MultiWAN: Track IP is now updated correctly.
  • Reverse Proxy: Allow IP list is no longer mandatory.
  • Controller: Units can now connect even if the UI is disabled on port 443.
  • Subscription: Community subscription registration issues resolved.
  • Install from USB: Fixed bad partition table issue.
  • Migration: PPPoE interface start issues resolved.
  • Threat Shield: Fixed empty subscription feed issue.
  • Auto Updates: Cron job now starts during the night as expected.
  • Threat Shield: Can now be started from the UI.
  • Migration: Threat shield IP migration issues resolved.
  • EFI: Free space can now be used as extra storage.
  • Zone: Enforced lowercase creation for zones.
  • OpenVPN Road Warrior: Resolved VPN disconnection issues after one hour with OTP authentication.
  • NAT Helpers: Active FTP sessions now transfer files correctly.

Detailed changelog can be found here.

:question: Why NethSecurity?

With the release of NethServer 8 we abandoned the UTM firewall module included in version 7. Still, we wanted to continue helping those who used NethServer as a firewall gateway in their network. So we decided to create a new Linux open-source project that is highly focused on the firewall, and NethSecurity was born, which is basically a NethServer spinoff with a completely new technological stack.


Good Job guys !
Keep up the good work and looking forward for the additions to come


Congratulations to all involved!


So nice… LDAP external source removed feature (only subscription currently) from NS7…

You can definitely tell you took some time to think and make this user friendly. This looks nice. I can’t wait to test it out. See it’s functionality. I downloaded it so when I get a moment I will check it out first hand.

Great job to everyone involved,


Please could you explain? There is no feature in the subscription at the moment.

1 Like

Hello @giacomo with this announcement, i’d be looking forward to the available subscription options, espeically with matters ns8 controller.

do they rely in nethsecurity subscription, or nethserver subscription.

if nethsecurity subscription, where are they and what are they?

nice job. :wink:
is on roadmap a crowdsec implementation for nethsecurity8?

There isn’t a real nethsecurity subscription yet, but you can use a trial from

Not for now. What are you trying to achieve?

i think it’s can help to improve security. at the moment i don’t think nethsecurity 8 have an IPS, right?

Of course, or complicate the troubleshooting :slight_smile:

We have a build with crowdsec but currently we didn’t see any real advantage beside their excellent blocklist IP.
For now, you can already obtain a very similar features with banip: it has a fail2ban function that can be extended and a some good blocklists.

hi Giacomo, i already use Banip with good results.
as i already use crowdsec with nethserver 8, same good results.
Thanks. :wink:

1 Like

so if i have nethserver and nethsecurity, and i am taking Lasagna i would need 2 of them, one for nethserver and another one for Nethsecurity?

There isn’t a real nethsecurity subscription yet, but you can use a trial from

I’ve payed for subscription, so what is then the added value? Besides supporting you guys :wink:

Be patient :slight_smile:
Additionals feature are coming


In the future, probably yes because in the community really few users were using the firewall part on NS7.
Are you using both firewall and other features (like mailserver) in your NS7 installation with subscription?

First of all, thank you!

We are trying to create a good offer just in these days. For sure, you will have access to the monitor portal (you should already have it). Also the subscription should give access to extra DPI features that we buy from Netify. We are thinking about other things, but you know that creating a valuable plan takes time!


I don’t get the extra DPI features visible

And what is exactly the monitor portal ?

Will there be more “Shields” avavailable for subscribed users ?
Since you are mentioning " This score is not available for ‘Community’ lists." i can conclude there will coming more

I know. As stated before, we are working on it. A detailed plan with access to extra resources will be available during next weeks.

It’s Depending on the level of subscription you will get accesses also to alerts.

Yes, we already have for our resellers as an extra fee. I do not know if it will be included or not inside the subscription, but I’m quite sure that a subscription will be able to access the service.