Hello misc,

I am pleased to announce the initial public release of Tangent Networks UTM, an open-source Unified Threat Management platform built directly on a stock OpenBSD installation and available for both amd64 and arm64 systems.

Source repository: https://github.com/tangentnetworks/tangent-networks-utm
Project website: https://tangentnet.top

Licensed under the BSD 3-Clause License.

Tangent Networks UTM is not a firewall distribution or appliance image. It is a self-hosted UTM stack and browser-based management platform implemented using native OpenBSD facilities and designed around the operating system's security model.

Notable characteristics include:

* Strict privilege separation between the WebUI and privileged management operations.
* A queue-based architecture in which the WebUI operates as the unprivileged www user inside the /var/www chroot, while privileged configuration changes are processed asynchronously by dedicated backend runners.
* Extensive use of OpenBSD security primitives, including chroot(2), pledge(2), unveil(2), PF, and privilege separation.
* Transparent dual-stack inspection using PF diversion and an inspection chain consisting of SSLproxy, Snort, e2guardian, p3scan, and smtp-gated.
* Memory-backed handling of high-write runtime data to reduce storage wear and improve appliance longevity.

The current release supports OpenBSD 7.8 and 7.9 on both amd64 and arm64. All packages are built and maintained for both architectures. Support for more abstract interface tracking and expanded network topologies is planned for the OpenBSD 8.0 roadmap.

Installation is fully automated and includes system preparation, package deployment, service orchestration, chroot construction, logging infrastructure, and rollback tooling.

Feedback, code review, architectural critique, security analysis, and general testing are all welcome.

Many thanks to the OpenBSD developers and community for building an operating system that makes projects such as this possible.

Regards,
David Peter
Tangent Networks
https://tangentnet.top
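
In the queue-based split described in the announcement, the privileged runner has to treat every queue entry as untrusted input written by the www user. The sketch below shows that validation step; it is an added illustration, not code from the Tangent Networks UTM repository, and the JSON request format, action names, service list and function names are all assumptions.

```python
import json, os, re, stat

MAX_REQUEST_BYTES = 4096
# Assumed allowlist: action -> (fixed argv, pattern for its one argument or None).
ACTIONS = {
    "pf_reload": (["/sbin/pfctl", "-f", "/etc/pf.conf"], None),
    "service_restart": (["/usr/sbin/rcctl", "restart"], re.compile(r"snort|e2guardian|sslproxy")),
}

def validate_request(raw):
    """Turn untrusted queue bytes into a fixed argv list, or raise ValueError."""
    if len(raw) > MAX_REQUEST_BYTES:
        raise ValueError("request too large")
    try:
        req = json.loads(raw)
    except ValueError as exc:  # covers JSON and UTF-8 decoding errors
        raise ValueError("not valid JSON") from exc
    if not isinstance(req, dict) or set(req) != {"action", "args"}:
        raise ValueError("unexpected fields")
    action, args = req["action"], req["args"]
    if not isinstance(action, str) or action not in ACTIONS:
        raise ValueError("action not allowlisted")
    argv, pattern = ACTIONS[action]
    if not isinstance(args, list) or len(args) != (1 if pattern else 0):
        raise ValueError("wrong argument count")
    if any(not isinstance(a, str) or not pattern.fullmatch(a) for a in args):
        raise ValueError("argument rejected")
    return argv + args  # argv list for exec, never a shell string

def read_request(queue_dir, name):
    """Open one queue entry without following symlinks; small regular files only."""
    fd = os.open(os.path.join(queue_dir, name), os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_size > MAX_REQUEST_BYTES:
            raise ValueError("not a small regular file")
        return os.read(fd, MAX_REQUEST_BYTES + 1)
    finally:
        os.close(fd)

def process_queue(queue_dir):
    """Map each queue file to its argv list, or to a 'rejected: ...' string."""
    results = {}
    for name in sorted(os.listdir(queue_dir)):
        try:
            results[name] = validate_request(read_request(queue_dir, name))
        except (OSError, ValueError) as exc:
            results[name] = f"rejected: {exc}"
    return results
```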

