FireCtl

Workflow-first iOS app for OPNsense and Proxmox. Not a webview wrapper — the actions you actually do on mobile, two taps away. Launch sale until end of May: 50% off

FireCtl — Manage your OPNsense firewall from iPhone and iPad

Native iOS app for administrators, MSPs, and home-lab enthusiasts. Clean SwiftUI interface, fast response, full support for Dark Mode, Widgets, and iPadOS.

THE APPROACH

FireCtl is not a web UI wrapped in an app. Rather than rebuilding the OPNsense web interface on a small screen, FireCtl was designed around the workflows you actually do on mobile: promoting a lease to a reservation, pushing an IP from Safari into an alias, taking a snapshot before a firmware update, checking WAN failover on the go. Every screen is a tool, not a rebuilt browser tab.

FEATURES

Dashboard & Widgets

• Live system status at a glance
• Four home-screen widgets: Multi-WAN failover, system health, VPN connections, certificate expiry
• Audit log with complete configuration history
• What's New card on every version upgrade

Firewall

• Aliases with Share Extension (add hosts/IPs from Safari or any other app)
• Manage and filter rules
• Live logs with interface, action, and protocol filters, universal search, and auto-refresh
• Rule label visible inline in each log row

Network

• DHCP leases for ISC, Kea, and dnsmasq — all three backends in parallel
• Reservations management for all backends, promote-to-reservation in one tap
• Promote DHCP lease to FreeRADIUS user in two taps (with optional MAC address adjustment for random-MAC devices)
• ARP/NDP tables with filter
• VLAN library with profile-specific storage
• Active states card showing the connection table

Gateways

• Gateway list with live status (online, offline, down)
• Latency, RTT, and packet loss per gateway
• Multi-WAN failover visible in the dedicated home-screen widget

Services

• Unbound DNS with host and domain overrides
• OpenVPN, WireGuard, and Tailscale status
• FreeRADIUS (when installed)
• Kea and dnsmasq DHCP configuration

Diagnostics

• Ping with live statistics and stop control
• Traceroute with per-hop RTT

Certificates

• Complete list of all certificates
• Filter by expiry: 30, 60, 90 days
• Revoke and CRL management
• Delete directly from the app

System

• Firmware updates including plugin updates
• Configuration backups
• Snapshot management
• Reboot

NEW IN VERSION 1.5: PROXMOX VE INTEGRATION

Proxmox hosts are now part of FireCtl:

• Cluster overview with all nodes (CPU, RAM, storage, LAN rate, uptime)
• Start, stop, restart virtual machines and LXC containers
• Snapshots at VM and container level
• Auto-snapshot before OPNsense firmware updates with user abort option on failure
• Sort by name, CPU, RAM, uptime, or status

Profiles

• Manage up to 10 OPNsense and Proxmox installations
• iCloud sync (optional)
• Quick switching between profiles
• App lock with Face ID / Touch ID

LANGUAGES English, German, French, Spanish, Italian, Portuguese (Portugal and Brazil)

SECURITY

• API keys stored in iOS Keychain, optionally synced via iCloud
• No telemetry tracking, no analytics, no advertising
• No cloud relay — direct connection from app to firewall
• Self-signed certificates supported with explicit trust confirmation
• Demo mode for trying the app without any real configuration

SUPPORTED VERSIONS OPNsense: 24.x, 25.x, 26.x Proxmox VE: 8.x, 9.x (in preparation)

HELP & DOCUMENTATION firectl.com firectl.com/docs/permissions

Beta testing thanks: Chris Gelatt (LinkedIn: https://www.linkedin.com/in/chrisgelatt/)