Palisade
A native Linux firewall control surface for nftables with privilege separation, validation, snapshots, and rollback.
Overview
Palisade is a native Linux GUI for direct nftables management. It is designed for admins and self-hosters who want controlled firewall mutation without hiding the real nftables model behind a lossy abstraction.
Architecture
The safety boundary is the product:
- privileged Rust daemon
- unprivileged Tauri/React GUI
- D-Bus integration
- nftables JSON operations
- systemd integration
- Unix monitor socket
- service-registration API
- validate -> snapshot -> apply -> confirm/rollback flow
Direct firewall mutation stays behind the daemon boundary. The GUI is a client surface, not the authority.
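The validate -> snapshot -> apply -> confirm/rollback flow listed above can be sketched as a single transaction function. This is an added example, not Palisade's own code: the `Backend` trait, `mutate`, `Outcome`, and the in-memory `MemFw` backend are hypothetical names, and the confirm step is assumed to be a yes/no answer from the client.

```rust
// Added illustration, not Palisade source: every name here is hypothetical.
pub trait Backend {
    fn validate(&self, change: &str) -> Result<(), String>; // dry-run check
    fn snapshot(&self) -> Vec<String>; // capture the current ruleset
    fn apply(&mut self, change: &str) -> Result<(), String>;
    fn restore(&mut self, snap: &[String]); // put a snapshot back
}

#[derive(Debug, PartialEq)]
pub enum Outcome { Rejected(String), Committed, RolledBack(String) }

/// validate -> snapshot -> apply -> confirm/rollback as one transaction.
pub fn mutate<B: Backend>(fw: &mut B, change: &str, confirm: impl FnOnce() -> bool) -> Outcome {
    if let Err(e) = fw.validate(change) {
        return Outcome::Rejected(e); // nothing was touched, so no snapshot is needed
    }
    let snap = fw.snapshot();
    if let Err(e) = fw.apply(change) {
        fw.restore(&snap); // the apply may have partially landed
        return Outcome::RolledBack(e);
    }
    if confirm() {
        Outcome::Committed
    } else {
        fw.restore(&snap); // unconfirmed changes never persist
        Outcome::RolledBack("not confirmed".to_string())
    }
}

/// Constructed in-memory backend so the flow runs without nft or root.
pub struct MemFw { pub rules: Vec<String>, pub fail_apply: bool }

impl Backend for MemFw {
    fn validate(&self, change: &str) -> Result<(), String> {
        if change.starts_with("add rule ") { Ok(()) } else { Err(format!("unsupported: {}", change)) }
    }
    fn snapshot(&self) -> Vec<String> { self.rules.clone() }
    fn apply(&mut self, change: &str) -> Result<(), String> {
        self.rules.push(change.to_string()); // written before failing: simulates a partial apply
        if self.fail_apply { Err("apply failed midway".to_string()) } else { Ok(()) }
    }
    fn restore(&mut self, snap: &[String]) { self.rules = snap.to_vec(); }
}

fn main() {
    let ssh = "add rule inet filter input tcp dport 22 accept".to_string(); // constructed sample
    let mut fw = MemFw { rules: vec![ssh], fail_apply: false };
    let out = mutate(&mut fw, "add rule inet filter input drop", || false); // never confirmed
    println!("{:?}; rules now: {:?}", out, fw.rules);
}
```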
Why It Matters
Palisade is a public example of the same control-boundary philosophy used in Recall: material operations should have explicit authority, validation, rollback, and receipts.
Next Gates
- Publish a mutation receipt format for firewall operations.
- Exercise restore drills and failure-injection tests.
- Document service coexistence and emergency rollback semantics.
- Keep privilege boundaries visible in product docs, not just code.
Related Projects
Gloss
A local-first desktop knowledge application for grounded chat over personal documents, with notebook-local storage and source-linked answers.
VisionForge
A Tauri 2 app that connects Ollama and ComfyUI through a local prompt-engineering, queue, gallery, and generation-receipt workflow.
Sortarr
A Rust daemon and React UI for organizing self-hosted media libraries with metadata matching, dry-run planning, and review gates.