I recently needed a simple way to test DynFi in a controlled environment without relying on physical hardware or an existing lab. Since I am using a MacBook M3, which is based on Apple Silicon, this immediately introduces a constraint: native virtualization for x86 systems is not available.
That said, QEMU makes it possible to run x86 systems through full emulation, and for testing purposes, this is more than sufficient. The setup is not designed for performance, but it works reliably for lab scenarios and functional validation.
A quick note on emulation
Because this setup runs an x86_64 system on an ARM-based CPU, everything relies on emulation rather than hardware acceleration. This means that performance is noticeably lower than on a native x86 machine. However, for installing DynFi, exploring its features, and running basic networking tests, the experience is perfectly usable.
Installing the required tools
The only real prerequisite is QEMU. On macOS, installing it with Homebrew is straightforward:
brew install qemuWhen using bridged networking on macOS, QEMU relies on Apple’s vmnet framework, which requires elevated privileges. As a result, the virtual machine will need to be started with sudo.
Downloading the DynFi installer
I started by downloading the official DynFi installer image. The file is provided as a compressed ISO, so it needs to be retrieved and extracted.
cd images/
curl -OL https://dynfi.com/files/firewall/dynfi_installer_vga_4.11-20251201-095440.iso.bz2After downloading, the archive can be decompressed to obtain the ISO file:
bunzip2 dynfi_installer_vga_4.11-20251201-095440.iso.bz2Preparing the virtual machine disk
Next, I created a directory to hold the virtual machine files and generated a QCOW2 disk image. This format is flexible and efficient for virtual environments.
mkdir -p machines/obiwan
qemu-img create -f qcow2 machines/obiwan/disk.qcow2 50GA 50 GB disk provides enough room to install the system and experiment without worrying about space constraints.
Booting the DynFi installer
With the disk ready and the ISO available, the virtual machine can be started. The following command launches QEMU and boots directly from the DynFi installer:
sudo qemu-system-x86_64 \
-machine pc-i440fx-10.2 \
-cpu Haswell \
-smp 4 \
-m 4096 \
-netdev vmnet-bridged,id=net0,ifname=en0 \
-device virtio-net-pci,netdev=net0 \
-netdev vmnet-bridged,id=net1,ifname=en0 \
-device virtio-net-pci,netdev=net1 \
-hda machines/obiwan/disk.qcow2 \
-cdrom machines/obiwan/dynfi_installer_vga_4.11-20251201-095440.isoThis command emulates a fairly standard x86 machine. The pc-i440fx platform is widely supported and works well with DynFi. The CPU is set to a Haswell model for compatibility, and the virtual machine is allocated four virtual CPUs and 4 GB of RAM, which is sufficient for most lab use cases.
One important aspect of this setup is networking. Two network interfaces are created and attached using the vmnet-bridged backend. Both interfaces are bridged to the Mac’s physical network interface (en0), which allows the virtual machine to appear directly on the local network. This makes it possible to simulate typical firewall scenarios, such as having separate WAN and LAN interfaces.
Installing DynFi
Once the virtual machine starts, the DynFi installer boots just like it would on a physical system. The installation process is straightforward and does not require any special adjustments for QEMU. The system can be installed onto the virtual disk created earlier, following the standard installation steps provided by DynFi.
Booting the installed system
After the installation is complete, the ISO is no longer needed. The virtual machine can be started again using the same command, simply removing the -cdrom option:
sudo qemu-system-x86_64 \
-machine pc-i440fx-10.2 \
-cpu Haswell \
-smp 4 \
-m 4096 \
-netdev vmnet-bridged,id=net0,ifname=en0 \
-device virtio-net-pci,netdev=net0 \
-netdev vmnet-bridged,id=net1,ifname=en0 \
-device virtio-net-pci,netdev=net1 \
-hda machines/obiwan/disk.qcow2At this point, DynFi boots from the virtual disk and is ready to be configured and tested.
Final thoughts
Running DynFi on an Apple Silicon Mac using QEMU turns out to be a practical solution for lab environments. Even though it relies on full emulation, the setup is stable and flexible enough to experiment with firewall configurations, networking scenarios, and general system behavior.
This approach provides a convenient way to spin up a fully functional firewall without needing dedicated hardware, making it ideal for quick tests, development work, or learning purposes.