Firewalla runs on a full Linux distribution with full shell access, so ... there is virtually no limitation on what it can do. If you are good with technology, we want you to "hack" the system and make it better! And if you do have a good "hack" please let us know!
One of the major problems of having an open system is ... over time, the system will get polluted with stuff. With the Firewalla Gold, we are introducing Docker Containers.
What is a Docker Container?
- Docker is a tool that allows developers, sys-admins, etc. to easily deploy their applications in a sandbox (called containers) to run on the host operating system i.e. Linux. The key benefit of Docker is that it allows users to package an application with all of its dependencies into a standardized unit for software development. Unlike virtual machines, containers do not have high overhead and hence enable more efficient usage of the underlying system and resources. (https://docker-curriculum.com/)
What are the advantages?
- Isolation: you can fully contain one application inside a docker container without messing with the running operating system.
- Better Performance: containers can perform much better than virtual machines.
- Portable: many known services already have docker support, so you can easily deploy them on firewalla
A few reminders before you start:
Containers will help you to bring network-based functions... closer to the network.
- WARNING: the Gold is NOT a general computer. Please be careful with what you install on the Gold. Containers cost CPU and memory... and if not careful, may cause security problems.
- The Gold has a default ingress (outside to inside) Firewall, please do not turn it off.
- Watch out for ports being opened by services, make sure they are never mapped to the WAN interface (unless you know what you are doing).
- Watch out for disk space... Your Gold may not run correctly if you create too many docker images and not manage them correctly.
Docker container examples:
To help you get started, we have created a few examples based on the feedback from our current user base. Please note, these are examples only, we do not endorse or implies these brands endorse us in any way.
Homebridge via Docker
Homebridge adds HomeKit support to your non-HomeKit smart home devices.
Pi-hole via Docker
Unifi-Controller via Docker
Certain modules may require special access permissions from the docker network module, and this may require special processing in the Firewalla code to open the ingress or egress firewalls. This piece of code is coming to 1.971. This is the reason pi-hole instructions are a bit late.
All product names, logos, and brands are the property of their respective owners. All company, product, and service names used in this website are for identification purposes only. The use of these names, logos, and brands does not imply endorsement.