Projects / Dowse


Dowse eases the configuration of network routing for a local area network, starting from the setup of ARP-level static entries of known peers, IP-level firewall, DHCP configuration, and local DNS cache, up to an application layer transparent proxy and optional gateways to anonymous networks such as Tor and I2P. It consists of a minimalistic script which can run on any GNU/Linux box and which, from a central configuration point, controls Ebtables, Iptables, and all the daemons needed for such operations: DnsMasq, Squid2, and Privoxy. It comes with a module system for contributed add-ons like DNSCrypt-proxy and HTTPS-everywhere.

Operating Systems

Recent releases

  •  04 Jun 2014 09:39

    Release Notes: Starting and stopping Dowse now works faster. New and safer iptables rules have been adopted and the code has been reorganized. The Squid/Privoxy functionality was moved into a module, preserving only firewalling and dnsmasq as the core functionalities of Dowse. A comprehensive whitepaper is distributed with the source, outlining future plans.

    •  21 Jan 2014 21:06

      Release Notes: The network model was refactored to avoid the need for a bridge interface. Dowse now works just on a single physical interface. Ebtables is adopted for layer 2 MAC address filtering against arp spoofing. A module system is in place to activate/deactivate optional features. The first module available supports dnscrypt-proxy to protect all DNS traffic from tapping.

      •  05 Jan 2014 23:05

        Release Notes: This release provides all basic features and has been tested for its stability: accelerated transparent proxy using Squid3 and ads protection using Privoxy, automatic .onion domain resolution via Tor, and arp-spoof protection via configured MAC entries in dnsmasq.


        Project Spotlight


        A Fluent OpenStack client API for Java.


        Project Spotlight

        TurnKey TWiki Appliance

        A TWiki appliance that is easy to use and lightweight.