Skip to content
NGFW.sh Docs

Installation

Supported Platforms

Section titled “Supported Platforms”

NGFW.sh agent runs on the following platforms:

PlatformArchitectureStatus
OpenWrt 23.xmipsel, arm, aarch64Supported
Debian 12+amd64, arm64Supported
Ubuntu 22.04+amd64, arm64Supported
Alpine 3.18+amd64, arm64Supported

Hardware Requirements

Section titled “Hardware Requirements”
  • CPU: 500MHz+ (dual-core recommended)
  • RAM: 128MB minimum, 256MB recommended
  • Storage: 32MB for agent, 128MB for logs

Installation Methods

Section titled “Installation Methods”
Section titled “Quick Install (Recommended)”
Terminal window
curl -fsSL https://get.ngfw.sh | sh -s -- --api-key YOUR_API_KEY

OpenWrt

Section titled “OpenWrt”
Terminal window
# Add the NGFW.sh repository
echo "src/gz ngfw https://packages.ngfw.sh/openwrt/$(. /etc/openwrt_release && echo $DISTRIB_RELEASE)" >> /etc/opkg/customfeeds.conf


# Update and install
opkg update
opkg install ngfw-agent


# Configure
uci set ngfw.agent.api_key='YOUR_API_KEY'
uci commit ngfw


# Start the service
/etc/init.d/ngfw-agent start
/etc/init.d/ngfw-agent enable

Debian/Ubuntu

Section titled “Debian/Ubuntu”
Terminal window
# Add repository
curl -fsSL https://packages.ngfw.sh/gpg | sudo gpg --dearmor -o /usr/share/keyrings/ngfw.gpg
echo "deb [signed-by=/usr/share/keyrings/ngfw.gpg] https://packages.ngfw.sh/apt stable main" | sudo tee /etc/apt/sources.list.d/ngfw.list


# Install
sudo apt update
sudo apt install ngfw-agent


# Configure
sudo ngfw-agent configure --api-key YOUR_API_KEY


# Start
sudo systemctl enable --now ngfw-agent

Docker

Section titled “Docker”
Terminal window
docker run -d \
  --name ngfw-agent \
  --network host \
  --cap-add NET_ADMIN \
  --cap-add NET_RAW \
  -e NGFW_API_KEY=YOUR_API_KEY \
  ghcr.io/danielbodnar/ngfw-agent:latest

Verification

Section titled “Verification”

After installation, verify the agent is running:

Terminal window
# Check service status
systemctl status ngfw-agent


# View logs
journalctl -u ngfw-agent -f


# Test connectivity
ngfw-agent status

Your device should appear as “Online” in the NGFW.sh dashboard within 30 seconds.

Troubleshooting

Section titled “Troubleshooting”

Agent won’t start

Section titled “Agent won’t start”

Check the logs for errors:

Terminal window
journalctl -u ngfw-agent --no-pager -n 50

Connection issues

Section titled “Connection issues”

Verify outbound connectivity to the API:

Terminal window
curl -I https://api.ngfw.sh/health

Firewall conflicts

Section titled “Firewall conflicts”

If you have existing iptables rules, the agent may need to be configured to work alongside them. See Advanced Configuration for details.