OpenBSD-based UTM with strict privilege separation (seeking feedback)

Hello everyone,

I’ve been working on a self-hosted UTM built on OpenBSD and wanted to share it here to get feedback from people who are interested in system design and security architecture.

The focus of the project is not just on the network stack, but on the control plane design. The WebUI runs entirely inside the /var/www chroot and has no ability to execute privileged operations. All system actions are handled by root-side daemons via a file-based queue. There is no sudo, doas, or setuid path from the web tier.

The idea was to enforce privilege separation at the architectural level rather than relying on policy or careful coding alone. I am currently finalizing the installer logic. The project will be hosted at GitLab Repo. Screenshots are also available at our webpage.

I’d appreciate any feedback, especially on the design choices around IPC, validation, and privilege boundaries.

Thank you.

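The control plane described in the post (a chrooted web tier that can only drop requests into a file queue, and a root-side worker that validates and executes them, with no sudo/doas/setuid path between the two) sketched as an added example in Python. This is not the project's code: the spool layout (new/work/done/rejected), the JSON job format, the three allowlisted operations and the binary paths /sbin/pfctl and /sbin/ifconfig are assumptions made for the illustration. The points a reviewer of such a design looks at are all here: the queue carries operation names with narrowly validated arguments rather than commands, the worker claims a job by rename before reading it, it refuses anything that is not a small regular file, and it execs an argv list with no shell in between.

```python
"""Added illustration of a file-queue control plane between an unprivileged
web tier and a root-side worker. Example code, not the project's own; the
directory layout, job format and allowlisted operations are assumptions."""
import json
import os
import re
import stat
import subprocess
import uuid

MAX_JOB_BYTES = 4096  # assumed cap: refuse oversized jobs before parsing them


def make_spool(root):
    # Assumed layout. In deployment new/ would be root:www mode 0730 (the web
    # tier can create files but not list or read them); the rest is root-only.
    for sub in ("new", "work", "done", "rejected"):
        os.makedirs(os.path.join(root, sub), 0o700, exist_ok=True)
    return root


# Argument validators: each accepts exactly one narrow syntax and nothing else.
def _is_ifname(v):
    return re.fullmatch(r"[a-z]{2,8}[0-9]{1,2}", v) is not None


def _is_ipv4(v):
    parts = v.split(".")
    return len(parts) == 4 and all(
        re.fullmatch(r"0|[1-9][0-9]{0,2}", p) and int(p) <= 255 for p in parts)


def _is_table(v):
    return re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]{0,31}", v) is not None


# Allowlist: op -> (validators, argv builder). argv is a list of literals and
# validated values; it is never joined into a string or handed to a shell.
OPS = {
    "pf_reload": ({}, lambda a: ["/sbin/pfctl", "-f", "/etc/pf.conf"]),
    "iface_down": ({"ifname": _is_ifname},
                   lambda a: ["/sbin/ifconfig", a["ifname"], "down"]),
    "table_add": ({"table": _is_table, "addr": _is_ipv4},
                  lambda a: ["/sbin/pfctl", "-t", a["table"], "-T", "add", a["addr"]]),
}


def build_argv(job):
    """Validate a decoded job against the allowlist; return argv or raise ValueError."""
    if not isinstance(job, dict) or set(job) != {"op", "args"}:
        raise ValueError("job must have exactly 'op' and 'args'")
    op, args = job["op"], job["args"]
    if not isinstance(op, str) or op not in OPS:
        raise ValueError("unknown op")
    validators, template = OPS[op]
    if not isinstance(args, dict) or set(args) != set(validators):
        raise ValueError("argument set does not match op")
    for name, check in validators.items():
        if not isinstance(args[name], str) or not check(args[name]):
            raise ValueError("invalid argument: " + name)
    return template(args)


def enqueue(spool, job):
    """Web-tier side: temp file + rename, so the worker never sees a partial job."""
    new = os.path.join(spool, "new")
    name = uuid.uuid4().hex
    tmp = os.path.join(new, name + ".tmp")
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "w") as f:
        json.dump(job, f)
        f.flush()
        os.fsync(f.fileno())
    final = os.path.join(new, name + ".json")
    os.rename(tmp, final)
    return final


def _run(argv):
    subprocess.run(argv, check=True)  # list argv, shell=False


def process_one(spool, path, runner=_run):
    """Root-side worker: claim one job file, validate it, execute it.
    Returns ("done", argv) or ("rejected", reason); queue bytes are untrusted."""
    base = os.path.basename(path)
    claimed = os.path.join(spool, "work", base)
    os.rename(path, claimed)  # claim first: the web tier can no longer modify it
    try:
        # O_NOFOLLOW: a symlink planted in the queue fails here instead of being
        # read; O_NONBLOCK: a FIFO cannot stall the worker.
        fd = os.open(claimed, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
        try:
            st = os.fstat(fd)
            if not stat.S_ISREG(st.st_mode) or st.st_size > MAX_JOB_BYTES:
                raise ValueError("not a regular file or too large")
            data = os.read(fd, MAX_JOB_BYTES)
        finally:
            os.close(fd)
        argv = build_argv(json.loads(data.decode("utf-8")))
        runner(argv)
    except (ValueError, OSError, subprocess.CalledProcessError) as exc:
        os.rename(claimed, os.path.join(spool, "rejected", base))
        return "rejected", "%s: %s" % (type(exc).__name__, exc)
    os.rename(claimed, os.path.join(spool, "done", base))
    return "done", argv


def serve_once(spool, runner=_run):
    """One polling pass over the completed (.json) jobs in new/."""
    new = os.path.join(spool, "new")
    return [process_one(spool, os.path.join(new, n), runner)
            for n in sorted(os.listdir(new)) if n.endswith(".json")]
```

Only new/ needs to be writable by the www user; the chrooted web tier addresses it relative to its own root while the worker uses the host path, and the rename out of new/ is what turns a web-writable file into a root-owned one before any byte of it is parsed. A native worker on OpenBSD could tighten this further with pledge(2) and unveil(2), limiting itself to the spool directories and the two binaries it is allowed to exec; that is left out here to keep the example portable.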