Home Platform Modules Architecture Compare Book a demo
Unified Endpoint Security Windows · Linux · Android

Your network.
Your rules.
Nothing else.

GateKeeper unifies a per-app firewall, DNS sinkhole, and network control into one platform — across every device, driven by an AI you command in plain English.

// On-device. No cloud. No compromise.

Book a demo Contact sales
Windows 10/11 Linux Android 8.0+
GateKeeper Command Center dashboard
On-Device Only Zero Cloud No Data Collection Per-App Firewall DNS Sinkhole AI-Native Control Windows · Linux · Android
The Problem

You're already using three tools.
None of them talk to each other.

Your firewall doesn't know what your DNS blocker is doing.

Blocked a domain in Pi-hole? Your firewall has no idea. Blocked an app? Your DNS proxy kept resolving domains for it anyway. Fragmented tools create fragmented protection.

Firewall rules. iptables commands. DNS configuration.

Most people give up before they're actually protected. The tools that work best are the tools you actually use. GateKeeper is built to be used.

Your laptop has a firewall. Your phone has nothing.

The device that carries your location history, banking apps, and private messages is usually the least protected thing you own.

There's a better way.
The Solution

Three layers. One platform.
Zero compromise.

GateKeeper covers every attack surface — from the kernel to the DNS layer to your phone.

App Layer

AppGate blocks specific processes at the kernel.

8 enforcement filters per app. Crash-safe. Protocol-complete. No bypass possible.

L7
DNS Layer

WebGate intercepts every query before it resolves.

Malicious domains return 0.0.0.0. Immediately. Always. No caching delay.

L4
Net Layer

NetGate blocks known-bad IPs, ports, and protocols.

Covers what app-level rules can't reach. Independent of the originating process.

L3

All three layers, tied together by the AI Assistant — one platform, zero blind spots.

The Platform

One platform. Six modules.

Every layer of protection in a single console — each module sharp on its own, unstoppable together.

Featured

AI Assistant

Drive every module in plain English. ~60 tools, parallel actions, zero command-line.

“block tiktok on every device” Done across 3 endpoints

App Gate

Per-process firewall enforced at the kernel — 8 filters per app, crash-safe, no bypass.

Web Gate

DNS sinkhole. Bad domains never resolve.

Net Gate

Block bad IPs, ports and whole protocols.

Sandbox

Detonate unknown files and URLs in an isolated VM with per-resource policy.

Mobile

Android firewall plus 5 threat detections — no root required.

AI-Native Control

Run your whole stack
in plain English.

No rule syntax. No iptables. Just ask — GateKeeper translates intent into kernel-level action.

GateKeeper AI · command console online
Capabilities Dashboard
01 / 06
01 · Command Center

Everything, at a glance.

Live traffic, module health and global reach — refreshed every second on one calm console.

Real-time telemetryGeographic reachPublic-IP intel
GateKeeper Command Center dashboard
02 · App Gate

Every app on a leash.

Live CPU, memory and bandwidth for every running process, with publisher verification built in.

Per-processPublisher verifiedLive usage
App Gate running process list
02 · App Gate

Block what you haven't even launched.

Search your full installed-app inventory — thousands of entries — and cut any one off before it ever runs.

Full inventoryPath + sourceOne-click block
App Gate installed applications list
02 · App Gate

Drill into any connection.

Expand a process to see every live connection with full IP, country and ASN intelligence.

Per-connectionGeo + ASNBlock on sight
App Gate expanded connection detail
02 · App Gate

Rules that stick.

Persistent allow and block rules, enforced at the kernel in 3.2 ms — and crash-safe by design.

3.2ms enforcePersistentCrash-safe
App Gate active rules
03 · Web Gate

Block the web's worst — by name.

Blacklist or whitelist mode, per-domain rules and one-click DNS setup. Bad domains never resolve.

~130k domainsInstant sinkholeCustom rules
Web Gate domain filtering
03 · Web Gate

Every adapter, covered.

Apply DNS protection across all network interfaces at once — wired, wireless and virtual.

All adaptersLive server statusZero config
Web Gate network adapters
04 · Net Gate

Allow and block by IP, port and rule.

A live rules engine for inbound and outbound traffic — blocklist or whitelist, with global port blocks.

IP + port rulesBlocklist / whitelistGlobal blocks
Net Gate rules and blocklist console
04 · Net Gate

Threat intelligence, weaponized.

Over 118,000 malicious IPs from Spamhaus, Blocklist.de and TOR exit nodes — blocked in a click.

Live feedsAuto-updatingOne-click block
Net Gate threat intelligence
04 · Net Gate

Shut down whole protocols.

Toggle QUIC, BitTorrent, Telnet and more at the network layer — independent of any single app.

Protocol togglesPort rulesIP ranges
Net Gate protocol control
05 · AI Assistant

Just say what you want.

Powered by Gemini. Block apps, inspect DNS or audit every service — all in plain English.

~60 toolsParallel actionsGoogle ADK
AI Assistant chat
06 · Sandbox · Windows only

Detonate the unknown — safely.

Stage suspicious URLs and files in an isolated Windows Sandbox with granular, per-resource policy.

Windows onlyNetwork policyMic & camera
Sandbox isolation policy
Scroll to explore
Mobile

Your phone, finally protected.

Full endpoint security on Android — no root — plus five threat detections nothing else offers.

AndroidNo Root Required

Five detections, exclusive to mobile.

GateKeeper Mobile brings the same per-app firewall and DNS sinkhole to Android — and adds threat detection your laptop never needed.

  • Evil Twin Wi-Fi detection
    Alerts when a known network broadcasts from an unrecognised router.
  • Fake cell tower (IMSI) alerts
    Alerts when your phone is forced onto 2G — a sign of an IMSI catcher.
  • Data exfiltration detection
    Alerts when an app uses your mic or camera then immediately uploads data.
  • MITM certificate auditing
    Flags user-installed CA certificates from known interception proxy tools.
  • App permission risk scoring
    Ranks every installed app by how invasive its declared permissions are.
GateKeeper Mobile — protection active with threat alerts
Architecture

Built on the right primitives.

GateKeeper uses the kernel's own security APIs — not workarounds.

Windows

Windows

WFP · FWPM_SESSION_FLAG_DYNAMIC

The same kernel API enterprise security software uses. If GateKeeper exits unexpectedly, the kernel cleans up. You can never get locked out.

Linux

Linux

iptables + cgroups v2 + eBPF

Three enforcement layers. Layer 2 uses an eBPF cgroup/sendmsg hook — the only correct solution to the QUIC/HTTP3 blocking problem that most tools get wrong.

Android

Android

VpnService TUN Interface

System-level traffic interception without root. PacketFilter evaluates every packet: ALLOW, DROP, DNS_INTERCEPT, DNS_SINKHOLE, or DNS_LEAK. Microsecond decisions.

All service APIs bind exclusively to 127.0.0.1. No data leaves your device. Ever.

Comparison

The only tool that checks every box.

Verified against Portmaster, OpenSnitch, Pi-hole, and NetGuard.

CapabilityGateKeeperPortmasterOpenSnitchPi-holeNetGuard
Windows
Linux
Android
Per-app firewall
DNS sinkholePartial
IP / port rules
AI assistant
Mobile threat detection
On-device, no cloudPartial

Feature comparison based on verified product documentation. Last updated June 2026.

0
Integrated modules
One unified platform
<0ms
DNS proxy latency
Resolve-time interception
0
Operating systems
Supported natively
0
Android threat modules
Exclusive to mobile
Get started

See GateKeeper
on your devices.

Book a 30-minute walkthrough and we'll show you per-app firewalling, DNS interception and AI-driven control — live, on Windows, Linux and Android.

  • Tailored to your environment
  • No agents to install for the demo
  • Talk to the team that built it
Prefer email? hello@gate-keeper.app

We'll reply within one business day. No spam, ever.