One Raspberry Pi. One install command. Full gateway: DNS ad-blocking, nftables firewall, WireGuard VPN, Suricata IPS, CrowdSec, QoS, DHCP, GeoIP — with a real-time dashboard.
AegisGate combines a DNS blocker, firewall appliance, IPS, VPN gateway, DHCP server and monitoring stack into one Raspberry Pi-friendly dashboard.
Less stitching. Fewer plugins. One policy surface.
| Feature | 🛡️ AegisGate | 🚫 Pi-hole / AdGuard | 🔥 pfSense / OPNsense | 📶 OpenWrt |
|---|---|---|---|---|
| DNS & Content Filtering | ||||
| DNS ad/malware blocking | ✓ Built-in, 680k+ domains | ✓ Core feature, excellent lists | ⚡ Via plugin / Unbound | ⚡ Manual dnsmasq setup |
| Per-client DNS policies | ✓ Groups + service bundles | ✓ Client groups | ✗ Not built-in | ⚡ Limited, manual |
| Service bundles (YouTube, TikTok, social) | ✓ One-click presets | ✗ Manual list management | ✗ Not available | ✗ Not available |
| DoH bypass protection | ✓ DNS hijack + block | ⚡ Block known DoH servers | ✗ Not built-in | ✗ Manual iptables rules |
| Firewall & Network | ||||
| Firewall / NAT | ✓ nftables, full NAT, DNAT | ✗ Not a firewall | ✓ Very strong, pf/iptables | ✓ iptables / nftables |
| Port forwarding | ✓ Dashboard UI | ✗ Not available | ✓ Full UI | ✓ LuCI UI |
| QoS / Traffic shaping | ✓ CAKE, fq_codel, HTB, HFSC | ✗ Not available | ⚡ Traffic shaper plugin | ✓ SQM / luci-app-sqm |
| Security & Threat Response | ||||
| IPS (Suricata) | ✓ Integrated, NFQ mode | ✗ Not available | ⚡ Suricata package | ✗ Not the focus |
| Auto-ban (CrowdSec) | ✓ Integrated, auto-remediation | ✗ Not available | ⚡ Package, manual setup | ✗ Not available |
| GeoIP blocking | ✓ Dashboard, country flags | ✗ Not available | ⚡ Via pfBlockerNG | ✗ Manual iptables rules |
| VPN & Remote Access | ||||
| WireGuard VPN | ✓ Built-in, per-peer ACL | ✗ Not available | ✓ Package available | ✓ Package available |
| VPN per-client routing | ✓ Dashboard-managed ACL | ✗ Not available | ✓ Full CSO / static routes | ⚡ Manual config |
| Dashboard & Monitoring | ||||
| Real-time dashboard | ✓ Security-focused, live | ✓ DNS query dashboard | ✓ Full appliance dashboard | ✓ LuCI router UI |
| DNS query log & analytics | ✓ Real-time, per-client | ✓ Core strength | ✗ Not built-in | ⚡ Limited |
| Threat timeline | ✓ Attack events, port stats | ✗ DNS queries only | ⚡ Via Suricata package | ✗ Not available |
| Deployment & Maintenance | ||||
| One-command install | ✓ curl | bash | ✓ curl | bash | ✗ Appliance image + setup wizard | ✗ Flash image + configure |
| Raspberry Pi native | ✓ Designed for Pi/Linux | ✓ Runs on Pi | ✗ Mostly x86-focused | ✓ Designed for routers |
| Unified policy surface | ✓ One dashboard for all | ✗ DNS only | ✗ Plugin-by-plugin | ✗ Package-by-package |
No extra hardware, no cloud, no subscription. DNS filtering, firewall, VPN, IPS, QoS, DHCP and monitoring — all managed from a single web interface.
680k+ domains blocked. Per-client groups, service bundles (YouTube, TikTok, social), DoH bypass, DNS hijack, query log and Pi-hole-style dashboard.
nftables stateful firewall: blacklist, allowlist, CrowdSec, IP blocklists, hostname-based rules, DNAT, masquerade, port forwarding.
Inline Intrusion Prevention (NFQ mode): 5 drop rules (SSH brute, C2, dir traversal, SQLi, XSS) plus alert rules for floods and scans.
Per-peer ACL (Internet, LAN, DMZ, custom networks), QR provisioning, bandwidth tracking, connection events and VPN NAT.
CAKE, fq_codel, HTB, HFSC schedulers. Gaming, Streaming, Office, IoT and Custom profiles. Built-in speed test with SVG gauges.
Interface roles, VLAN CRUD, static routes, conntrack viewer, Multi-WAN with failover and policy routing.
Full dnsmasq DHCP with static leases, hostname tracking, per-client DNS policy tags and duplicate IP protection.
Real-time dashboard: drops, blocked IPs, CrowdSec, Suricata IPS stats, SSH attempts, bandwidth, GeoIP, health and risk score.
The installer detects your platform (Debian, Ubuntu, Raspbian, RHEL/CentOS), installs all dependencies, configures nftables, dnsmasq, WireGuard, Suricata IPS, CrowdSec and the dashboard — then starts everything.
http://gateway-ip:8080 in your browser. Log in with admin / the password printed at the end of install. Change it immediately in Settings.
One Raspberry Pi. One command. Full gateway protection with DNS, firewall, IPS, VPN and QoS.