A mini firewall for linux based systems using netfilter hooks

License

Notifications You must be signed in to change notification settings

k3yss/firewall

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Kernel Module Firewall for Linux Based Systems

An implementation of a software-based firewall for Linux-based systems.

Features:

  • ICMP blocking: commands like ping use the ICMP protocol. Modern browsers use the TCP/IP protocol, and filtering that traffic is beyond the scope of this project
  • IP blocking: we can specify the IP address we want to block
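
The two features above amount to a per-packet verdict on the IPv4 header. The following is an added user-space example, not the project's own code: it models that verdict on raw bytes so it can be run without loading a module. The names `fw_rule_init`, `fw_check` and `fw_sample` are hypothetical, and it assumes the rule matches the packet's source address, that ICMP is always dropped, and that malformed headers are dropped.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum fw_verdict { FW_ACCEPT, FW_DROP };

/* Hypothetical rule: always block ICMP, optionally block one source IPv4. */
struct fw_rule { int has_ip; uint32_t ip_be; };

/* Parse the string passed as ip_addr_rule=...; NULL means "no IP rule".
 * Returns 0 on success, -1 for a malformed address (refuse to load). */
int fw_rule_init(struct fw_rule *r, const char *ip_addr_rule)
{
    struct in_addr a;
    r->has_ip = 0;
    r->ip_be = 0;
    if (ip_addr_rule == NULL)
        return 0;
    if (inet_pton(AF_INET, ip_addr_rule, &a) != 1)
        return -1;
    r->has_ip = 1;
    r->ip_be = a.s_addr;
    return 0;
}

/* Decide on one raw IPv4 packet; malformed headers are dropped (fail closed). */
enum fw_verdict fw_check(const struct fw_rule *r, const uint8_t *pkt, size_t len)
{
    uint32_t saddr;
    size_t ihl;
    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return FW_DROP;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;       /* header length in bytes */
    if (ihl < 20 || ihl > len)
        return FW_DROP;
    if (pkt[9] == 1)                         /* protocol 1 = ICMP */
        return FW_DROP;
    memcpy(&saddr, pkt + 12, sizeof saddr);  /* source address, network order */
    return (r->has_ip && saddr == r->ip_be) ? FW_DROP : FW_ACCEPT;
}

/* Constructed sample: minimal 20-byte IPv4 header, no payload or checksum. */
size_t fw_sample(uint8_t buf[20], uint8_t proto, const char *src)
{
    memset(buf, 0, 20);
    buf[0] = 0x45;                           /* version 4, IHL 5 */
    buf[3] = 20;                             /* total length */
    buf[8] = 64;                             /* TTL */
    buf[9] = proto;
    inet_pton(AF_INET, src, buf + 12);
    return 20;
}
```

Rejecting a malformed `ip_addr_rule` at initialisation, rather than loading with no rule, keeps a typo from silently leaving the address unblocked.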

Quickstart

Prerequisites

Install the Linux kernel headers for the running kernel:

$ sudo apt-get install linux-headers-$(uname -r)

Build and run

$ git clone https://github.com/k3yss/firewall && cd firewall
$ cd src
$ make
$ sudo insmod firewall.ko ip_addr_rule=<desired-ip>

Notes:

Why are we using a kernel module?

We don't want to recompile the kernel every time. A kernel module is easier to work with and is also the standard practice.

Future plans

Making the firewall more robust and incorporating more hooks: NF_INET_FORWARD, NF_INET_POST_ROUTING, NF_INET_LOCAL_IN, NF_INET_LOCAL_OUT.
