Show HN: Pfelk, a customizable pfSense/OPNsense firewall visualization
51 points by uaas on March 22, 2020 | 12 comments
PFELK is a pfSense/OPNsense firewall traffic visualization solution based on the ELK stack. It is a highly customizable tool that lets you have extensive insight into your network traffic.

Key points:

- pfSense/OPNsense support

- OpenVPN support

- pfSense/Suricata/Snort dashboards with interactive Maps support (MaxMind GeoIP fields, src -> dest locations, Heatmap, etc.)

- deploy with ansible-playbook, docker or script.

https://github.com/3ilson/pfelk



Thanks for sharing, this really looks cool. But there are some things that make me hesitate to use it:

1. MaxMind: Since I don't know the company and it seems it's only providing the geoip-database, my question is: Can it be disabled or left out at all?

2. Java: It's my personal preference to avoid using Oracle products at all cost. Is OpenJDK an alternative?

3. Is the geographical visualization all Pfelk can do? Is there a feature list or demo?


1: Well, it can be useful to map your src and dest IPs to a map, but it can be left out, since the dashboards are fully customizable. Anyway, MaxMind GeoIP is widely used in this and other areas.

2: Yes, OpenJDK is supported.

3: No, with this setup, you can extend the stock firewall functionality by forwarding everything to an ELK instance. You can search and visualize all of your firewall log entries with the full power of Elasticsearch.

Yes, a complete feature list and/or demo would be great, we will work on those, thank you for your feedback.

Feel free to reach out if you have any questions!


Thank you for your reply. Is there a roadmap of what you work on?


Roadmap is currently in development...seeking feedback and inputs for future enhancements. Thanks for your input.


FWIW, MaxMind is pretty much the de facto standard for geoip lookup tables.


Thanks, I was not aware of this.


Thanks for making this! I would be interested in support for netflow so that it could potentially work with any capable router/firewall.


Netflow is easily supported. However, it requires another instance of Logstash. Although ntopng does a phenomenal job with this, it can be easily included. I'll add, for consideration, as a future roadmap plug-in.


Wonder how I’d use something like this to nail down and block the advertising in stuff like embedded apps.


Pi-hole works pretty well for that - I don't see a lot of ads in phone apps when I'm at home.

https://pi-hole.net/


This is awesome. Anything like this for Ubiquiti EdgeMax gear?


Hypothetically yes and would only require adjustments. Although, I do not have any Unifi gear other than a couple of access points. I'll look into adding Unifi support in the near future.



