Integration · Firewall

Your firewall zones, read live.

Suriq reads your firewalld state as it changes - the zones, what is reachable from the internet, who is being denied, and whether the running rules still match what is on disk. All in the same console as the alerts for that server, with the controls to act.

The firewalld integration in the Suriq console: running status, default zone and version, runtime = permanent badge, denies in 24 hours, repeat attackers, scan alerts, active zones, blocked IPs, and internet-reachable open ports with detected host roles.

It reads firewalld - and turns it into things you can use.

Not just a status page. Suriq pulls the real picture out of firewalld, watches for the drift and exposure you would miss, and gives you the controls to fix them - without SSH-ing in.

What it shows you
  • Your zone topology - every active zone, its services, ports, sources, and interfaces, with the default zone marked
  • Whether the running rules still match what is on disk, and how long they have been out of sync
  • Which of your ports are open to the internet, the service each belongs to, and whether anything is actually listening
  • The host's detected roles, so an exposed port that does not fit stands out
  • Denied traffic over the last 24 hours, with repeat attackers and scan alerts called out
  • Who is attacking you - their country, their network, the ports they hit, and the rules they tripped
  • Every IP on your Suriq blocklist, and a live globe of where the denied traffic is coming from
  • A record of every config change, with the exact keys that moved, so a quiet edit never slips by

What it lets you do
  • Block, unblock, or temp-block an IP in one click - the temp block reverts on its own when its time is up
  • Allow a trusted IP straight through, including your own, so you never lock yourself out
  • Close a port that should not be open, right from the exposure view - SSH and the Suriq manager stay protected
  • Block your top attackers, with the full story on each one before you do
  • Persist runtime changes to permanent, or reload from permanent, when the two have drifted apart
  • Run on-demand checks - list zones, diff runtime against permanent, dump the blocklist - and read the raw output
  • Every action logged, so you can prove what changed and when

Suriq's agent reads firewalld directly on the host - its state, zones, config, and the denied traffic it logs. Nothing extra to install, nothing to reconfigure. Risky edits to the running firewall are held on a short timer and revert on their own unless you keep them, so a bad change can never lock you out.

Stop SSH-ing in to read your firewall.

Deploy a Guardian and firewalld shows up in the console - live, explained, and ready to act on.