Short Wishlist for NethSecurity

I really like NethSecurity now.

I come from IPFire and was looking for an alternative because the updates there are always a bit of a game of chance.

Good additions would be:

  • GUI for DDClient
  • Wake on LAN
  • Fail2Ban
  • IPS/IDS

Thanks for your work so far!!

3 Likes

Thank you for testing it!

We do not have any plans for these features right now.
The first one is already present from command line but it’s hard to create a good and simple UI for it.

I think we can also add Wake on LAN, but what exactly do you expect from the feature?

Can you eventually share a couple of screenshots from IPFire for both functions?

The feature is already there, but we still miss a UI for it. This is already on our todo list.

This is already in our plans :wink:

This should scan the LAN and display all MAC addresses available in a GUI for WOL.
Scheduled options would be nice. See maybe below for a GUI example from current OpenMediaVault.

Example available from OpenMediaVault (Debian!)

Timing is nice, e.g. for planned maintenance…

:slight_smile:

My 2 cents
Andy

2 Likes

With a Whitelist or Unblock button

1 Like

I would like a new device quarantine feature, like Firewalla.

And network flows. But I think this should be easy if you use netify agent JSON data.

An example of Network Flows from Unifi:

Notes:

  • Network topology is drawn automatically!
  • Traffic view can be turned on or off (Large Networks have larger latency!)

Another example of a larger network, also with traffic active:

My 2 cents
Andy

1 Like

Kick and Block IP or MAC in DHCP server

For what?

If the IP range is known, ANY idiot can access the network!

This is a waste of time and dev-resources, as DHCP NEVER regulates who can and who can't access the network…
It only serves a fake “peace of mind”.

My 2 cents
Andy

2 Likes

Huh? Which part? Are you referring to the quarantine?

Hi @beniamin

You pose a question, without referring to a post, like I am doing here…
(Tip: after marking that text, right mouse key, Use Quote …).

This is a wishlist for NethSecurity here.

I, for one, am not discussing specific features of Firewalla…
I use OPNsense. And maybe, in the future, also NethSecurity. :slight_smile:

My 2 cents
Andy

1 Like

I was referring to the waste of time comment

@beniamin

Well, DHCP isn’t what regulates network access, so any dev time is wasted, any “feelgood” time is also wasted…

Better spend time on real security if it’s important.

There are uses for DHCP in a Honeypot setting, yes. Or to trap rogue users in a network with only static IPs, yes.
But banning DHCP?
OK for ignoring a smartphone on a WLAN, maybe…

My 2 cents
Andy

It doesn’t have to be DHCP. At most, you can quarantine the device from accessing the internet, which is currently possible for OpenWRT.

That is 100% a security feature that could easily be implemented. And a good one at that for a firewall. Well worth the developers' time.

@beniamin

My post was in reply to a post from @MadPatrick and I’m specifically referring to a “wished for” BAN and KICK option for DHCP, not for NethSecurity by that user!

Using firewall specific terminology in a completely foreign context (DHCP doesn’t do BANs or KICKs!) does not make sense and implies a lack of understanding of what DHCP actually does.

NethSecurity already has a ban and kick option in Threatshield, AFAIK.

Please read the context, before barging in!

Thanks, no insult intended!

My 2 cents
Andy

When it is possible I would like to see -

  1. Separate pages for showing a larger list of the following -

    a. Network flow chart / network map like Andy shows in picture post above this post.
    b. Top real-time traffic
    c. Top hosts
    d. Top protocols
    e. Top applications

  2. Device icons and name of device added next to IP address for quick reference. (real-time and host)

  3. Protocol icons next to name of protocol for quick reference…

  4. Application icons / name added to application list for quick reference.
    (All shown in picture below)

  5. Add some color to the analysers / charts / bars like picture below.

This is from Ubiquiti UDM…

2 Likes

Andy,

It is up to the Dev team if they find it a waste of time. Not up to me.
They ask for wishes in the form of additions to NethSecurity, so I try to support the Dev team with my feedback.
No, I’m not an IT guru, but a user, and devices which get connected (temporarily allowed or not) I like to ban or kick out.
For me it is a feature which might be handy.

It’s a free world.

No matter how you kick or ban, DHCP can not help!
Devices will never be kicked or banned due to DHCP…
But you may have fun clicking…

→ It still has nothing to do with any security…

Changing a MAC address and using a spoofed MAC is a one liner in Linux, e.g. every 30 minutes - you would not notice…
FWIW…

But you will get the warm fuzzies from thinking you maintained security… :slight_smile:

Serves a purpose…

Thus a quarantine would be the answer. Block any MAC address that’s not allowed.

GL.iNet does this on their fork of OpenWrt. They block any new MAC addresses and they don’t even get an IP address from DHCP. It’s pretty cool.

@beniamin

It’s still not a feature of DHCP…

:slight_smile: