WallGuard is a part of Nullnet, built to work with firewalls and other network-facing systems. It consists of a server and a set of agents installed on target machines. The server manages the agents, collects data, and provides access to remote systems.

The system consists of the 2 components:

This software component is deployed on the target machine. It establishes a connection to the WallGuard Server and facilitates communication.

This central server manages agent connections and provides interfaces for interacting with the connected agents.

Agents and the server establish a bidirectional communication channel via the server’s gRPC interface. This channel is used to send commands from the server to the agents. Separately, the agents also use distinct methods exposed by the server to submit data—such as telemetry or configuration‑change events—back to the server.

Agent capabilities:

• Configuration Monitoring – Watches for changes in system or network configuration files.
• Network Traffic Monitoring – Tracks basic traffic information.
• System Monitoring – Gathers CPU, memory, disk, and process data.
• Remote Access – Supports remote sessions through:
  • SSH – Secure shell
  • TTY – Command‑line terminal access
  • UI – Graphical remote access (available on some systems)
  • MCP – Special session type used by the MCP module
• Firewall rules creation - Creates firewall rules and applies them to the system.

Server capabilities

• gRPC interface for agents to connect to
• HTTP API to access from the portal
• MCP service for LLMS to connect to

• PfSense
• OpnSense
• Nftables