FireCtl
Tobias Zehndbauer
FireCtl — Manage your OPNsense firewall from iPhone and iPad Native iOS app for administrators, MSPs, and home-lab enthusiasts. Clean SwiftUI interface, fast response, full support for Dark Mode, Widgets, and iPadOS. THE APPROACH FireCtl is not a web UI wrapped in an app. Rather than rebuilding the OPNsense web interface on a small screen, FireCtl was designed around the workflows you actually do on mobile: promoting a lease to a reservation, pushing an IP from Safari into an alias, taking a snapshot before a firmware update, checking WAN failover on the go. Every screen is a tool, not a rebuilt browser tab. FEATURES Dashboard & Widgets - Live system status at a glance - Four home-screen widgets: Multi-WAN failover, system health, VPN connections, certificate expiry - Audit log with complete configuration history - What's New card on every version upgrade Firewall - Aliases with Share Extension (add hosts/IPs from Safari or any other app) - Manage and filter rules - Live logs with interface, action, and protocol filters, universal search, and auto-refresh - Rule label visible inline in each log row Network - DHCP leases for ISC, Kea, and dnsmasq — all three backends in parallel - Reservations management for all backends, promote-to-reservation in one tap - Promote DHCP lease to FreeRADIUS user in two taps (with optional MAC address adjustment for random-MAC devices) - ARP/NDP tables with filter - VLAN library with profile-specific storage - Active states card showing the connection table Gateways - Gateway list with live status (online, offline, down) - Latency, RTT, and packet loss per gateway - Multi-WAN failover visible in the dedicated home-screen widget Services - Unbound DNS with host and domain overrides - OpenVPN, WireGuard, and Tailscale status - FreeRADIUS (when installed) - Kea and dnsmasq DHCP configuration Diagnostics - Ping with live statistics and stop control - Traceroute with per-hop RTT Certificates - Complete list of all certificates - Filter by expiry: 30, 60, 90 days - Revoke and CRL management - Delete directly from the app System - Firmware updates including plugin updates - Configuration backups - Snapshot management - Reboot NEW IN VERSION 1.5: PROXMOX VE INTEGRATION Proxmox hosts are now part of FireCtl: - Cluster overview with all nodes (CPU, RAM, storage, LAN rate, uptime) - Start, stop, restart virtual machines and LXC containers - Snapshots at VM and container level - Auto-snapshot before OPNsense firmware updates with user abort option on failure - Sort by name, CPU, RAM, uptime, or status Profiles - Manage up to 10 OPNsense and Proxmox installations - iCloud sync (optional) - Quick switching between profiles - App lock with Face ID / Touch ID LANGUAGES English, German, French, Spanish, Italian, Portuguese (Portugal and Brazil) SECURITY - API keys stored in iOS Keychain, optionally synced via iCloud - No telemetry tracking, no analytics, no advertising - No cloud relay — direct connection from app to firewall - Self-signed certificates supported with explicit trust confirmation - Demo mode for trying the app without any real configuration SUPPORTED VERSIONS OPNsense: 24.x, 25.x, 26.x Proxmox VE: 8.x, 9.x (in preparation) HELP & DOCUMENTATION firectl.com firectl.com/docs/permissions Beta testing thanks: Chris Gelatt (LinkedIn: https://www.linkedin.com/in/chrisgelatt/)