
Show HN: Pfelk, a customizable pfSense/OPNsense firewall visualization - uaas
PFELK is a pfSense&#x2F;OPNsense firewall traffic visualization solution based on ELK stack. It is a highly customizable tool that let’s you have extensive insight into your network traffic.<p>Key points:<p>- pfSense&#x2F;OPNsense support<p>- openVPN support<p>- pfSense&#x2F;Suricata&#x2F;Snort dashboards with interactive Maps support (MaxMind GeoIp fields, src -&gt; dest locations, Heatmap, etc.)<p>- deploy with ansible-playbook, docker or script.<p><a href="https:&#x2F;&#x2F;github.com&#x2F;3ilson&#x2F;pfelk" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;3ilson&#x2F;pfelk</a>
======
chanz
Thanks for sharing this really looks cool. But there are some things that make
me hesitate using it:

1\. Maxmind: Since I don't know the company and it seems its only providing
the geoip-database, my question is: Can it be disabled or left out at all?

2\. Java: Its my personal preference to avoid using oracle products at all
cost. Is openjdk an alternative?

3\. Is the geo-graphical visualization all Pfelk can do? Is there a feature
list or demo?

~~~
uaas
1: Well, it can be useful to map your src and dest ips to a map, but it can be
left out, since the dashboards are fully customizable. Anyway, Maxmind GeoIP
is widely used in this and other areas.

2: Yes, openjdk is supported

3: No, with this setup, you can extend the stock firewall functionality by
forwarding everything to an ELK instance. You can search and visualize all of
your firewall log entries with the full power of Elasticsearch.

Yes, a complete feature list and/or demo would be great, we will work on
those, thank you for your feedback.

Feel free to reach out if you have any questions!

~~~
chanz
Thank you for your reply. Is there a roadmap of what you work on?

~~~
a3ilson
Roadmap is currently in development...seeking feedback and inputs for future
enhancements. Thanks for your input.

------
chaz6
Thanks for making this! I would be interested in support for netflow so that
it could potentially work with any capable router/firewall.

~~~
a3ilson
Netflow is easily supported. However, it requires another instance of
Logstash. Although ntopng does a phenomenal job with this, it can be easily
included. I'll add, for consideration, as a future roadmap plug-in.

------
ianai
Wonder how I’d use something like this to nail down and block the advertising
in stuff like embedded apps.

~~~
CommieBobDole
Pi-hole works pretty well for that - I don't see a lot of ads in phone apps
when I'm at home.

[https://pi-hole.net/](https://pi-hole.net/)

------
nodesocket
This is awesome. Anything like this for Ubiquiti EdgeMax gear?

~~~
a3ilson
Hypothetically yes and would only require adjustments. Although, I do not have
any Unifi gear other than a couple of access points. I'll look into adding
Unifi support in the near future.

