What to expect in NS8?

And for all the bleating, no one is noticing this nice detail, above what NS7 ever had to offer in firewalling!

I do say good riddance to the integrated firewall, a seperate box is acceptable!

My 2 cents

We already have plans for DNS. Nothing decided yet, it’s just a future goal. It was discussed here:

DHCP is a firewall feature. It could be implemented by a NS8 module too, but this is not planned at all.

Yes, I can repeat it another time: we split the firewall from NethServer. This is the basic design choice we discussed here since we started NS8 planning

1 Like

Well, I’m glad it works well for you, and I hope it also works well for the majority. As for me, another box is a deal breaker.

It’s been nice, but my next migration won’t be to NS 8 then.

1 Like

did i not read that, while it will be a seprate solution than can be deployed on an independt box, it would also be a module for NS8 unless i got that wrong.

and seeing that NS8 is container based, i dont think its not possible to have a module that can have it installed on the main NS8 box. for those who want to build a dooms day box on a single box


It is completly separate and won’t run in NS8, but several NethSecurity can be managed via NS8…

I do not have any detailed info, but AFAIK, NethSecurity is NOT container based, it’s based on OpenWRT.
And AFAIK OpenWRT by itself is NOT installable, the boot-image must be cloned. That doesn’t sound good for running as a container…

My 2 cents

1 Like

The only place I’d accept a NS7 running as firewall is in a cloud solution, as there another host would almost double the cost, if possible at all to interconnect the box at the hosters location - not all hosters offer that option easily.

And if I - for example choose Debian based to install NS8 on top - nothing stops me from installing the Debian firewall package and configuring that to my requirements…

Or even better, install Proxmox on top of Debian (If i can’t directly install Proxmox), and run both NS8 and NethSecurity in there…

As NS8 runs as a Container itself, virtualization becomes a must, in itself a very good thing for disaster recovery, security, management and handling…

But true, some people here seem to be afraid of virtualization - too complex.
Probably most the same croud mentally stuck with using a .local or .lan domain…

Whatever. It’s your choice.

My 2 cents

:stop_sign: I must stop you here :stop_sign:

You’d make at your risk: could it conflict with firewalld?

General rule: do not install additional packages on NS8. Additional applications and features must run in containers. However it can be acceptable to install additional commands and tools (for instance, strace, netcat…).

1 Like


Thanks for clarification.

As said, I’d any way choose Proxmox underneath, and NethServer on top, with seperate firewall!
That works, no matter if NS7 or NS8… :slight_smile:

My 2 cents


Probably most the same crowd mentally stuck needing more than 1 public IP :champagne: :frowning:

Why make it simple if I can complicate it ?

“Simple can be harder than complex: You have to work hard to get your thinking clean to make it simple. But it’s worth it in the end because once you get there, you can move mountains.”
― Steve Jobs


The Italian courtier Baldassare Castiglione thought that this quality — the ability to display a certain nonchalance — was the hallmark of the ideal courtier. The idea was to make every movement and statement appear to be effortless and without thought. He called this sprezzatura.


This is a real paradigm shift. Until now in linux one was free to choose to install mostly any additional software even on a server. It was only the admins choice or decision, if this is making sense or not.

One may install any container in NS8, of course. If there is one for the software you may want to add. But only those in the software center as I understood, will work seamless with NS8. So as a part-time admin I’m no more free to choose how I build my server in the end.

To @Andy_Wismer: I do know exactly what it means “I cannot” or “I will not”.

With all respect (again) to the devs and all forum members, all important information (for me) is lying on the table. Right now, I will not migrate to NS8.

1 Like

Hi @schulzstefan

The difference is exactly the same in English as in German…, :slight_smile:
Eloquence of expression in the written form…

Where is this any different from NS7?

If you installed anything else, it was up to your capabilities and know-how if it worked seamlessly - or not.

This is stil valid for NS8, I see no difference here!

As said, no difference in capabilities, freedom of choice or whatever.

You still are free to do what you could do in NS7, with the exception of the firewall.

My 2 cents

This is not true: Davide gave a general rule, you should respect if you expect support from the community on NS8.
It doesn’t mean you are not free to choose: NS8 is Open Source and based on a Linux distribution. You can do whatever you want inside it. Just be aware that if something breaks, it will be very hard to help you recover the system.

Not all professioals are payed that much for flat-rate firewall administration.
Or not all companies have multiple places/points with installed firewall that will have so much operative advantages for automated deployiment/configuration update.

It’s a powerful tool for new and bigger customers? Absolutely.
Does it fit to the currente base install? IMVHO no.

Has been repeated many times from different representative that “small home business is still important to NethServer”.
I can understand some of the goals of the new path. I can understand that technological changes (the ones i questioned about and still mr Fattorini did not answer, I’d love to know why) had created the necessity for… not doing from scratch again NethServer.
But if “fake it until you make it” is the current gig… they’re not making it. Yet.

I’d love to emphysize that there are two lines beside my current feelings.
First line is the monumental task to transition customers from current generation of NethServer to this sort of cluster overlord which should fit the role. It’s tough, this is improving and the community are IMVHO wonderful beta testers for anticipate a lot of the bugs, design potholes, and “i forgot that” issues. Community is helping a lot into refining the 1.0 version of this kind of distro, so if the fails will be enough before the release, the product will be much more market ready.
Second line is my incapability to accept some of deflection and attempted ridiculization about what will make this product leave most of the adopters. If it’s shaped like a fork, if you can use it like a fork but it’s also a little bit sharpened on one side, you cannot sell that as a knife because it’s not.

System is not the same, paradigm is not the same, firewall will be not the same and also will be not the same from Nethesis started for, because I hardly find possible that NextSecurity can support all the modules available for OpenWRT. Seems too much expensive in term of support collection and developer time to adjust things
And viceversa, I don’t think that any module designer will take care of the different kinks between NextSecurity and OpenWRT, unless payed for it (develop a NextSecurity compatible version).

Whatever I find this pleasant or not it’s irrelevant. Industry massively pushed data, system, power consumption outside offices and companies. It’s less complicate define if you can pay a monthly fee than create accountancy for server (and amortization), licenses about hardware and software (and amortization for pay the upgrades) and CALs, power, skills (inner or on loan), backup. It’s way to easy to sell the things to accountancy with the monthly fees.
However, accountancy often can’t quantify the value of information control and privacy.
Everything outside your network perimeter is under the company control only limitately to the contract established between the company and the service provider.

In this world of “invoices a service”, being fast to deploy applications is a value. And lots of applications (invoices) are available in containers.

What’s your opinion about that? Is it a good thing or not? Do you like it?

I like it very much, it’s a big help for my work and I don’t feel like I’m doing a bad thing.

Some posts of this forum against or in favour of the firewall split are maybe too much ideologically biased. However we explained many times the technical reasons to do it. It was an hard decision, and I’m sorry if someone is not happy with it. I think there are more development constraints than market opportunities in that hard choice.

You wrote a long post: I think it is very relevant.

1 Like

These are some sensational comments that I don’t find helpful to the discussion.

Yes, everything COULD be done. Perhaps you’d like to compile all your packages, write your own kernel, and solder your own hardware as well?

The fact is that everyone has a line (acceptable threshold) of what they want to do for their servers. It’s a wasted effort to try to convince others to join you in your position.

Another fact is that this fundamental shift in NS8 moves the line of what is being expected of existing NethServer admins. I think this has not been stated clearly enough.

But the decision has been made, so I won’t waste my time debating it. I’m sure the team has done the math and decided this is what’s best for their goals for the product; but you can’t be surprised that existing users (and customers) disagree and are not happy with a change that means more work for them.

As for me, I’ll spend my time and money on a product that does what I want it to: let me self-host all my my things with minimum effort and a good level of control when I want it.

It’s been fun. Thanks for your hard work Neth Server team :slight_smile:


This, and a lot of other points mentionned here by some ole die-hards do not help the discussing either.

The world is moving forward, security has changed, a lot else has changed too!

Horses were once the king when it came to human mobility.
When cars came in, horses went out.
Sure, a lot of complaints - by interest groups, like Smiths, Breeders, others.

Nowadays? Most people with horses drive the most expensive cars as transport, horses are “for fun” or as status symbols. And the financial means to afford the decadence? Hardly ever earned through hard work!

Horses, as a method of mobility for humans, has literally become a dinosaur!
And dinosaurs? Became Oil during the millenia - and helps humanity to power their cars!

That is a well known fact - some just ignore facts…

My Philosophy?

I don’t want to change the world.
For one it’s not mine, I didn’t create it or bought it.
I just live here, like a renter in an appartment.
When I move on, I’ll give up the place as I took it over, or as good as possible.

So no, I don’t want to make the world a better place.
But I can try to improve the neighborhood, what’s around me or close.

In that sense, I can try to propagate “best practices” in networking, according to my know how and experience of 35 years. And by the feedback, a lot of the folks here have gladly accepted my input for their projects.

I wish you a lot of luck, happiness and a well running server in your quest for the ideal All-In-One server

My 2 cents

I’m sure the NethServer Team will put your previous generous donation to good use!
But do forgive me when I find the statement somewhat “broad-guaged”…


Actually its not about eloquence, these are completely ifferent words with different meanings.
albeit most of the terms we use them interchangeably

will ot is more a state of choice and wants while can not is more a state of ability.

eg, i will not use github
i cannot install opnsense in nethserver

i guess maybe we could have a box like this one to power Nethsecurity
(19) This is a SUPER Homelab REVOLUTION Evolution! - YouTube

wait, is it Nethsecurity or NExtsecurity, i see alot of mixmatch in the forums.

1 Like

This is our fault, the code name was NExtsecurity but the official one is NethSecurity.
We are very close to an Alpha1 announcement, we will try to explain also this part!


Great BOX for Home LAB. It looks like a NAS Motherboard with ports ideal for Home Server. I am not able to find it available in India.

I recently purchase one Old hp MiniPC Core i5 6th Gen, 16GB RAM, 500 GB NVME for testing purpose Proxmox and various VM. Eventually I have planned to use it as NAS and to monitor IP Camera.