Kwall
Kwall is a Rust terminal UI for reviewing Linux firewall plans built with scrin and its built-in Aisling effects.
This project is configured to use the local scrin crate at ../KnottTUI so it
tracks your local widget/toolkit changes during development.
Current status: safe dry-run prototype. It stages firewall rules and renders command plans for ufw, iptables, and nftables, but it does not execute commands, edit /etc, or write firewall state.
Safety Model
- No live executor exists yet.
- The UI only creates an in-memory rule plan.
- Generated commands are displayed for review only.
- No tests or live firewall probes are run by default.
TUI Controls
qorEsc: quitTab: switch pages1/2/3/4/5: jump to Dashboard, Rules, Ports, Plan, Advisor:or/: open the command palettef: move active panel focus on the Dashboard pageUp/Down: move selectionEnterord: block/unblock the selected known service portN: jump to the highest-priority at-risk known portn: stage a block for the highest-priority at-risk known portM: stage blocks for the top dashboard priority queueX: mark or remove a reviewed exception for the selected allowed risky portF: cycle the known-port filter: all, named, at-risk, open, blocked, allowedG: cycle the known-port service-group filterK: cycle the known-port risk-class filterg: stage blocks for every known port in the selected service groupB: stage blocks for every known port in the selected risk classV: stage blocks for every known port visible under the active filtersA: stage allows for every known port visible under the active filtersh: stage blocks for known high-risk/admin/data portsY: apply the strongest currently recommended dry-run profiley: apply the management-preserving recommended dry-run profile when availablew: apply the workstation dry-run profilee: apply the web-server dry-run profileD: apply the developer dry-run profilek: apply the lockdown dry-run profiler: run advisor quick fixu: undo the last staged dry-run changeo: export a local dry-run report for reviewS: export a safe commented command-preview shell scriptm: export a review-only JSON dry-run manifestE: export the report, safe script, and JSON manifest togetherI: toggle the planned default incoming policyO: toggle the planned default outgoing policyc: clear all staged rules while keeping undo availableR: restore the safe starter dry-run plan while keeping undo availableb: stage a deny/block rule for the selected service porta: stage an allow rule for the selected service portSpace: toggle the selected staged rulex: remove the selected staged rulep: cycle the preview backendl: toggle planned logging behaviors: toggle the dry-run safety popup?: open the help modal
Build note
-
The project uses
scrin = "0.1.84"in normal dependency form and overrides it to local sources through[patch.crates-io]. -
If you want to use crates.io only, remove the local override from the
[patch.crates-io]section inCargo.toml.
Scrin Feature Upgrades
This release of Kwall is aligned with scrin 0.1.84 and takes advantage of:
- diff/frame timing via
Terminal::draw_timedandFrameTiming - safer no-op path instrumentation for performance tuning
- frame diagnostics hooks and dirty-run updates via the new terminal internals
- render scheduling aligned to the latest
present/FrameDiagnosticbehavior
Set KWALL_FRAME_METRICS=1 to display per-frame timing and byte stats in the status bar.
Manual TUI Smoke Test
- Run with
cargo runand open the command palette with:. - Trigger a bulk action (for example,
hfor high-risk hardening orVto stage visible candidates). - Verify the confirmation modal appears before staging actions:
Enterconfirms the actiony/Yconfirms the actionncancels the actionEscdismisses the modal
- Verify overlay toggles and focus flow:
:or/opens the command paletteEsccloses the command palette:+qkeeps the palette open and recordsqin the query (quit is shielded)- While the palette is open,
qis treated as palette input, not quit - Repeating
Esccloses one layer at a time (palette/help/safety), then quits on the next key when clear ?opens the help modal?,Enter, orEscclose the help modalstoggles the safety popup
- Confirm no firewall files or system state changes occur (review-only behavior).
- Toggle the palette and repeat a no-op path (already-safe candidate set) to verify it reports no changes and does not open confirmation.
Manual Smoke Transcript
cargo run- Press
:thenq→ palette opens, query becomesq - Press
Esc→ palette closes, app stays open - Press
Escagain → app exits - Open palette with
:and runclear-rules - Press
Escin confirmation modal → action canceled - Press
:,h,Enter→ hardening staged asConfirm hardeningflow - Press
:and typehelpthenEnter→ help overlay opens and?/Esccloses it - Press
sandEsc→ safety popup opens then closes - Optional quick checks:
:cycle-backend,:toggle-logging,:toggle-default-incoming,:toggle-default-outgoingshould update values in Plan snapshot
TUI Features
- Clean dashboard overview with one accent color
- Dashboard priority strip for the next at-risk port or review-ready state
- Dashboard priority queue for the next at-risk ports
- Risk-scored priority queue with deterministic reasons in dashboard and review exports
- Reviewed exception workflow for intentionally allowed risky ports
- Priority-port jump from the dashboard or command palette
- One-key priority-port block action
- One-key priority-queue block action
- Dynamic dashboard panes that expand around active focus
- Expanded known service port catalog with service groups
- Known service aliases for easier review and search matching
- Alias-aware named filter for common services like SSH, nginx, Postgres, and Docker
- Known service port list with block/open/allowed status
- Known-port coverage totals in the dashboard and review exports
- Review-readiness grade in the dashboard and review exports
- Review gates with blocker/warning/pass status, including recommended-profile safety
- Management-access guard for SSH/RDP/VNC/Kubernetes lockout review
- Service-group coverage summaries in Ports view and review exports
- Risk-class coverage summaries in Ports view and review exports
- Known-port status catalog in report and JSON review exports
- Per-port review recommendations in report and JSON review exports
- Focused at-risk open port list in report and JSON review exports
- Focused at-risk allowed port list in report and JSON review exports
- Suggested review order in report and JSON review exports
- Priority-port queue in report and JSON review exports
- Reviewed exceptions in dashboard, advisor, report, and JSON review exports
- Filtered known-port navigation by risk and staged status
- Service-group filtering for the known-port catalog
- Risk-class filtering for the known-port catalog
- Direct block/unblock workflow for common ports
- Bulk risk-class blocking from the known-port catalog
- Bulk blocking for the current known-port filter result
- Bulk allowing for the current known-port filter result
- Bulk group blocking and dry-run profiles
- Lockout-aware strongest dry-run profile recommendation with score and rationale
- Dashboard summary for strongest and management-preserving profile actions
- Management-preserving safer profile alternative in Plan, report, and manifest exports
- Strongest and management-preserving profile change previews before application
- One-key application of strongest and management-preserving recommended dry-run profiles
- Profile impact preview with management lockout details before staging a profile
- Advisor tab with conflict detection, risk review, and quick fixes
- Next advisor action surfaced in the dashboard and review exports
- Advisor severity totals in the dashboard and review exports
- In-memory undo checkpoints for staged changes
- Undoable default policy controls and staged-rule clearing
- Undoable reset back to the starter dry-run plan
- Local dry-run report export with staged rules, known-port status, advisor findings, and command previews
- Safe shell preview export that exits before commented firewall commands
- Machine-readable JSON manifest export with known-port status details
- One-shot review bundle export for all generated artifacts
- Stable review fingerprint shown in the Plan page and exported artifacts
- Cross-backend command count comparison for UFW, iptables, and nftables
- Table view for generated firewall command plans
- Status bar, help modal, safety popup, toasts, tabs, and command palette
Dry-Run Profiles
- Workstation: blocks legacy, file sharing, data, admin, dev, and orchestration services.
- Web server: allows HTTP/HTTPS and blocks data, dev, file, legacy, orchestration, and observability services.
- Developer: blocks legacy, file sharing, data, and orchestration services.
- Lockdown: blocks every known service port in the catalog.
Roadmap
- Add real system discovery behind explicit opt-in.
- Add a guarded live executor with confirmation, privilege checks, and rollback plans.
- Add CLI commands after the TUI workflow is stable.