GithubHelp home page GithubHelp logo

sardinefish / netfilter-firewall Goto Github PK

View Code? Open in Web Editor NEW
3.0 2.0 0.0 449 KB

A linux kernel module firewall implement with Netfilter in Rust.

License: GNU General Public License v3.0

Makefile 0.06% Rust 90.21% C 9.72% C++ 0.01%

netfilter-firewall's Introduction

Stateful Firewall with Netfilter

A stateful firewall with Netfilter by rust.

Including a linux kernel module and a client.

Currently avalable on ubuntu 20.04.1 LTS with linux kernel 5.4.0-29-generic.

Not fully tested for other linux systems.

Programming task for HUST Cyber Security Course Project.

Features

Base on stateful-inspection, filter IPv4 packets by fast connection state check (hash map).

Manipulate the firewall rules by a user-space cli program:

  • Manipulate firewall rules separately for TCP, UDP and ICMP Echo.
  • Allow / Deny network communication from / to specific address & port.
  • Set default rule for each protocol.
  • List all current active rules.

Supported Protocol

  • TCP
  • UDP
  • ICMP Echo / Reply (ping)

Kernel Module

Build Module

$ make

The module will build to target/kernel/kmod.ko

Install Module

$ sudo make insmod

The firewall will start working immediately after installation. Use following command to view the log.

$ sudo dmesg

Uninstall Module

$ sudo make rmmod

Client

Build Client

$ cd client
$ cargo build --release

Run Client

Examples

# Allow UDP packet send to 8.8.8.8:53
$ ./target/release/client allow UDP 0.0.0.0 8.8.8.8:53

# Allow TCP connection into 80 port from subnet 192.168.1.0/24
$ ./target/release/client allow TCP 192.168.1.0/24 0.0.0.0:80

# Deny all UDP packet by default
$ ./target/release/client deny UDP default

# List all currently active rules
$ ./target/release/client list

# Delete the rule at index of 7
$ ./target/release/client delete 7

netfilter-firewall's People

Contributors

sardinefish avatar

Stargazers

b23r0 avatar Jakub Panek avatar avatar

Watchers

James Cloos avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.