Petacomm
Server Tool · Firewall Management

Firewall management
that speaks Linux.

PetaGuard gives you a clean, unified interface for managing iptables, nftables and ufw — with rule history, rollback, dry-run mode and instant alerts when rules change. Stop memorizing iptables syntax.

Unified firewall interface
One consistent CLI and web UI across iptables, nftables and ufw. Every rule change is logged, versioned and reversible. Dry-run before you apply.
#PetaGuard #Firewall #ZeroSyntax
3 Backends Supported
Rule History
0 Dependencies
GPL-3 Open Source
What Is PetaGuard

One interface for
every Linux firewall.

Linux has three major firewall backends — iptables, nftables and ufw — each with its own syntax, quirks and learning curve. PetaGuard sits on top of all three and gives you a single, consistent interface regardless of which distro or backend you are on.

Every rule change is written to a version-controlled log. You can diff any two snapshots, roll back to any previous state and preview what a rule change would do before applying it.

  • iptables / nftables / ufw — one CLI for all backends, auto-detected
  • Rule versioning — every change timestamped, diffable and reversible
  • Dry-run — preview exactly what will change before applying
  • Rule templates — common patterns: web server, SSH-only, game server
  • Alert on change — Slack or email when any rule is modified
  • Web UI — visual rule editor on localhost:7477
  • Ansible integration — manage rules idempotently in playbooks
petaguard — rule management nftables
# List all active rules
$ petaguard list

INPUT ACCEPT tcp dport 22 (ssh) · any
INPUT ACCEPT tcp dport 80 (http) · any
INPUT ACCEPT tcp dport 443 (https) · any
INPUT DROP all dport — (default) · any

# Add a rule with dry-run first
$ petaguard allow --port 5432 --from 10.0.0.0/8 --dry-run

→ Would add: INPUT ACCEPT tcp dport 5432 src 10.0.0.0/8
→ No changes applied. Run without --dry-run to apply.

$ petaguard allow --port 5432 --from 10.0.0.0/8
Rule added. Version 14 saved. alert → slack.

# Rollback to previous version
$ petaguard rollback --to 13
Rolled back to version 13.
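
A confirm-or-roll-back wrapper around the commands in the session above, as an added example (not PetaGuard's own code). It assumes `petaguard` exits non-zero on failure, prints `Version N saved.` on apply as in the sample output, and that version N-1 is the prior state; `guarded_allow` and its return codes are hypothetical names.

```bash
#!/usr/bin/env bash
# Added example: dry-run, apply, health-check, roll back on failure.
# Assumptions (not confirmed by the page): petaguard exits non-zero on
# failure, and "Version N saved." appears in the apply output.

# guarded_allow PORT CIDR CHECK_CMD [ARGS...]
# Returns: 0 rule applied and check passed
#          1 nothing applied (bad usage, dry-run or apply failed)
#          2 rule applied, check failed, previous version restored
#          3 rule applied but version not parsed; inspect manually
guarded_allow() {
    [ "$#" -ge 3 ] || { echo "usage: guarded_allow PORT CIDR CHECK..." >&2; return 1; }
    local port=$1 cidr=$2; shift 2
    local out new prev

    # 1. Preview the change; stop if the dry-run itself fails.
    petaguard allow --port "$port" --from "$cidr" --dry-run || return 1

    # 2. Apply, then pull the new version number out of the output.
    out=$(petaguard allow --port "$port" --from "$cidr") || return 1
    new=$(printf '%s\n' "$out" | sed -n 's/.*Version \([0-9][0-9]*\) saved.*/\1/p')
    [ -n "$new" ] || { echo "applied, but no version in: $out" >&2; return 3; }
    prev=$((new - 1))

    # 3. Run the caller's check, e.g. a test that a new session still connects.
    if "$@"; then
        echo "check passed, keeping version $new"
        return 0
    fi

    # 4. Check failed: restore the state from before the change.
    echo "check failed, rolling back to version $prev" >&2
    petaguard rollback --to "$prev" >&2
    return 2
}
```

Pass as the check any command that proves access still works after the change, so a rule that locks you out is reverted without manual intervention.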

Features

Firewall control
without the danger.

Unified CLI
One command set for iptables, nftables and ufw. PetaGuard detects your backend automatically.
Instant Rollback
Every rule change creates a version. Roll back to any previous state in one command — no downtime.
Dry-run Mode
Preview every change before applying it. See exactly which rules will be added, modified or removed.
Change Alerts
Get Slack or email notification when any firewall rule is added, changed or deleted — on any server.
Rule Templates
Apply predefined rulesets: web server, mail server, SSH-hardened, game server. Editable before apply.
Web Rule Editor
Visual drag-and-drop rule editor on localhost:7477. See your full ruleset at a glance.

Installation

Install PetaGuard.

1. Install

$ sudo apt install petaguard # or dnf, yay

2. Start and take a snapshot

$ sudo systemctl enable --now petaguard
$ petaguard snapshot # save current rules as version 1
Snapshot saved. Backend: nftables.

3. Start managing rules safely

$ petaguard allow --port 443 --dry-run
$ petaguard list

Common commands

Command                      Description
petaguard list               Show all active firewall rules
petaguard allow --port N     Allow incoming traffic on port N
petaguard deny --port N      Block incoming traffic on port N
petaguard snapshot           Save current rules as a named version
petaguard diff v1 v2         Show diff between two rule snapshots
petaguard rollback --to N    Restore rules to version N instantly
petaguard apply --dry-run    Preview all pending changes
petaguard web                Open web rule editor on port 7477

Backends: iptables · nftables · ufw
Distros: Ubuntu · Debian · Arch · RHEL · Alpine · +12 more

Manage your firewall without fear.

Every change is versioned. Every change is reversible. Install PetaGuard in 60 seconds.
