

Dog
Dog is a distributed firewall management system designed to manage hundreds+ of per-server firewalls. Currently iptables on Linux is supported, but others could be added.
Cost / License
- Free
- Open Source
Platforms
- Linux
- Self-Hosted
Features
- Cloud Sync
- Support for Docker
Tags
- iptables
- firewall-management
- ec2
- aws
Dog information
What is Dog?
Dog is your network guard dog.
Why Dog?
- Need consistent network access rules across hundreds+ of servers in multiple regions on multiple providers?
- Need defense-in-depth, beyond gateway firewalls?
- Need blocklists with thousands of addresses distributed across many servers updated constantly?
- Need to limit number of connections and/or bandwidth usage?
- Sick of error-prone manual updates of per-server iptables rules?
Features
- Centrally manage hundreds+ of per-server iptables firewalls.
- Works across clouds, regions, and on-premise infrastructure.
- Adapts to dynamic address changes.
- Large blocklists/allowlists can be used and will be updated across all servers in seconds.
- Rules scale to tens of thousands of addresses (using ipsets).
- Alerts if servers fail to communicate or if their firewalls are modified outside of dog control.
- Reactive web interface.
- API for external integrations.
- Tested in production with hundreds of servers.
- Multiple dog_trainers can be federated together to allow sharing of addresses, while allowing each dog_trainer to have its own security rules.
- Integration with Flan Scan, a network vulnerability scanner.
- Agents support Linux 2.6+ iptables firewalls.
- Supports cloud public IP addresses (currently only EC2).


