Turn Nmap scans into OPNsense firewall rules — in seconds.

| | Feature | Description |
|---|---|---|
| 📡 | Nmap XML Import | Parse scan output into a structured host/port view |
| 🦈 | PCAP Import | Load Wireshark .pcap / .pcapng captures as an alternative input |
| ⚙️ | Recommendation Engine | Three risk profiles generate OPNsense-ready rules automatically |
| 🛡️ | OPNsense Integration | Deploy rules directly via the REST API |
| 🗂️ | Staging Area | Review, reorder, and remove rules before they go live |
| 💾 | Backup Before Deploy | Automatic config backup taken first — deploy aborts if backup fails |
| ✅ | Post-Deploy Validation | Re-runs Nmap to confirm previously open ports are now filtered |
| 🔐 | OS Keyring Storage | Credentials live in Keychain / Credential Manager / Secret Service — never on disk |
| 📋 | Audit Log | Timestamped record of every action within a session |

| Profile | Behavior |
|---|---|
| Strict | Zero-trust — block all unless service confidence = 10 |
| Balanced | CIS Level 1 baseline |
| Permissive | Log-only, no blocking |

| Platform | File |
|---|---|
| 🐧 Linux | RuleForge_0.1.0_amd64.AppImage |
| 🪟 Windows | ruleforge.exe |

```bash
chmod +x 'RuleForge_0.1.0_amd64.AppImage'
./'RuleForge_0.1.0_amd64.AppImage'
```

Requires WebKit2GTK:

```bash
sudo apt install libwebkit2gtk-4.1-0
```

Run `ruleforge.exe` directly — no installer needed.

1. Import → Open an Nmap XML (nmap -oX scan.xml <target>) or trigger a live scan
2. Review → Inspect discovered hosts, open ports, and service fingerprints
3. Generate → Pick a risk profile; the engine produces a full rule set
4. Stage → Review, reorder, or remove individual rules
5. Deploy → Apply to OPNsense (config backup taken automatically)
6. Validate → Follow-up scan confirms filtered ports
- In your OPNsense web UI go to System > Access > Users and create a dedicated API user with firewall privileges
- Generate an API key and secret for that user
- In RuleForge open Settings and enter your OPNsense hostname/IP, API key, and API secret
- Click Test Connection — the detected firmware version confirms the connection
Credentials are stored in your OS keyring and loaded at startup. They are never written to disk or sent back to the UI after the initial save.
RuleForge parses .pcap and .pcapng files in addition to Nmap XML — useful when you have an existing traffic capture and want to derive rules from observed connections rather than active scanning.
Note: If your PCAP fails to load, uncheck Use Rich File Format in the import dialog. Wireshark's extended format includes metadata blocks the parser does not currently support; standard pcap and plain pcapng files load without issue.
- Rust (stable toolchain)
- Node.js 18+
- Nmap on your `PATH`
- Tauri system dependencies — see the Tauri prerequisites guide

```bash
npm install
npm run tauri dev
# Linux AppImage / Windows .exe
npm run tauri build
```

```
src/                      # React frontend
  components/             # Dashboard, StagingArea, LogsPanel, Settings, Sidebar, CapturePanel
  hooks/                  # useTheme, useLogs
src-tauri/src/
  nmap/mod.rs             # Nmap XML parser → ScanResult
  opnsense/
    client.rs             # OPNsense REST client (reqwest + rustls, zeroizing creds)
    rules.rs              # FirewallRule types and validation
  commands/
    nmap.rs               # parse_nmap_xml, run_live_scan
    opnsense.rs           # save/load/clear config, deploy rules, validate scan
    recommendation.rs     # generate_recommendations
    capture.rs            # PCAP import
  engine/mod.rs           # Recommendation engine (Strict / Balanced / Permissive)
  lib.rs                  # AppState, plugin registration, command handler registration
```

- TLS verification is enabled by default; a toggle is available for self-signed cert setups (dev only)
- Rule deployments are capped at 200 rules per batch to prevent accidental bulk changes
- SSRF protection: the OPNsense host field rejects URL schemes, `@` characters, and non-hostname characters
- Credentials are zeroed from memory when `OPNsenseClient` is dropped (`zeroize` crate)
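
The host-field checks listed above can be sketched as follows. This is an added example, not RuleForge's own code: `validate_host` and `HostError` are hypothetical names, and it assumes the field takes a bare hostname or IP literal with no port.

```rust
use std::net::IpAddr;

/// Why a host-field value was rejected (hypothetical type, not from RuleForge).
#[derive(Debug, PartialEq)]
pub enum HostError { Empty, TooLong, HasScheme, HasUserinfo, BadCharacter(char), BadLabel }

/// Accepts a bare IP literal or DNS hostname and rejects anything URL-shaped,
/// so the value cannot redirect the API client when spliced into a base URL.
pub fn validate_host(input: &str) -> Result<String, HostError> {
    let host = input.trim();
    if host.is_empty() {
        return Err(HostError::Empty);
    }
    if host.len() > 253 {
        return Err(HostError::TooLong);
    }
    if host.contains("://") {
        return Err(HostError::HasScheme);
    }
    // "a@b" in a URL authority makes "a" userinfo and "b" the real destination.
    if host.contains('@') {
        return Err(HostError::HasUserinfo);
    }
    // IPv4 and IPv6 literals are accepted unchanged.
    if host.parse::<IpAddr>().is_ok() {
        return Ok(host.to_string());
    }
    // Hostname: only letters, digits, '-' and '.'; this also rejects '/', '?', '#', ':'.
    if let Some(c) = host.chars().find(|c| !(c.is_ascii_alphanumeric() || *c == '-' || *c == '.')) {
        return Err(HostError::BadCharacter(c));
    }
    // Each label: 1 to 63 characters, no leading or trailing hyphen.
    let labels_ok = host
        .split('.')
        .all(|l| !l.is_empty() && l.len() <= 63 && !l.starts_with('-') && !l.ends_with('-'));
    if !labels_ok {
        return Err(HostError::BadLabel);
    }
    Ok(host.to_ascii_lowercase())
}

fn main() {
    // Constructed sample inputs.
    for s in ["192.168.1.1", "fw.lab.example", "https://fw.lab.example", "admin@fw", "fw.lab/api?x=1"] {
        println!("{:<26} -> {:?}", s, validate_host(s));
    }
}
```
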
| Layer | Technology |
|---|---|
| Framework | Tauri 2.0 |
| Backend | Rust (tokio async runtime) |
| Frontend | React 18 + TypeScript + Vite |
| Styling | Tailwind CSS + Lucide icons |
| HTTP client | reqwest (rustls-tls) |
| XML parsing | quick-xml |
| PCAP parsing | pcap-file + etherparse |
| Credential storage | keyring v3 |
| Memory safety | zeroize |
Issues and pull requests are welcome. For significant changes please open an issue first to discuss what you'd like to change.
This project is licensed under the GNU General Public License v3.0.
You are free to use, modify, and distribute this software under the terms of the GPLv3. Any distributed modifications must also be released under the GPLv3.