## What is dog?
dog is a distributed firewall management system designed to manage hundreds+ of per-server firewalls. Currently iptables on Linux is supported, but others could be added.
dog is your network guard dog.
## Why dog?
* Need consistent network access rules across hundreds+ of servers in multiple regions on multiple providers?
* Need defense-in-depth, beyond gateway firewalls?
* Need block lists with thousands of addresses distributed across many servers updated constantly?
* Need to limit the number of connections and/or bandwidth usage?
* Sick of error-prone manual updates of per-server iptables rules?
## Features
* Centrally manage hundreds+ of per-server iptables firewalls.
* Works across clouds, regions, and on-premise infrastructure.
* Adapts to dynamic address changes.
* Large block/allow lists can be used and will be updated across all servers in seconds.
* Rules scale to tens of thousands of addresses (using [ipsets](https://ipset.netfilter.org/)).
* Alerts if servers fail to communicate or if their firewalls are modified outside of dog control.
* Reactive web interface.
* API for external integrations.
* Tested in production with hundreds of servers.
* Multiple dog_trainers can be federated together to allow sharing of addresses, while allowing each dog_trainer to have its own security rules.
* Integration with [Flan Scan](https://github.com/cloudflare/flan), a network vulnerability scanner.
* Agents support Linux 2.6+ iptables firewalls; others can be added.
* Supports cloud public IP addresses (currently only EC2).