{"id":24173060,"url":"https://github.com/mchinchilla/netfirewall","last_synced_at":"2026-02-13T17:03:30.399Z","repository":{"id":270636241,"uuid":"910991662","full_name":"mchinchilla/NetFirewall","owner":"mchinchilla","description":"Small Firewall developed in C#.","archived":false,"fork":false,"pushed_at":"2025-02-04T17:13:38.000Z","size":1181,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-05T04:41:18.075Z","etag":null,"topics":["asp","asp-net","asp-net-mvc","aspire","aspnet-core","aspnetcore","bash","bash-script","bash-scripting","csharp","debian","dhcp","dhcp-server","dotnet","firewall","linux","nftables","razor"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mchinchilla.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-02T01:59:47.000Z","updated_at":"2025-02-04T17:13:42.000Z","dependencies_parsed_at":"2025-01-02T03:17:22.543Z","dependency_job_id":"28a21187-d730-4f26-ad25-08086c72d719","html_url":"https://github.com/mchinchilla/NetFirewall","commit_stats":null,"previous_names":["mchinchilla/netfirewall"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mchinchilla/NetFirewall","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mchinchilla%2FNetFirewall","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mchinchilla%2FNetFirewall/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositori
es/mchinchilla%2FNetFirewall/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mchinchilla%2FNetFirewall/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mchinchilla","download_url":"https://codeload.github.com/mchinchilla/NetFirewall/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mchinchilla%2FNetFirewall/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264092341,"owners_count":23556275,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["asp","asp-net","asp-net-mvc","aspire","aspnet-core","aspnetcore","bash","bash-script","bash-scripting","csharp","debian","dhcp","dhcp-server","dotnet","firewall","linux","nftables","razor"],"created_at":"2025-01-13T01:14:19.059Z","updated_at":"2026-02-13T17:03:30.370Z","avatar_url":"https://github.com/mchinchilla.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# NetFirewall\n\n\u003e Desde hace algun tiempo habia tenido la idea de hacer mi propio firewall para mi casa, he usado muchos buenos productos entre ellos, pfsense, opnsense, ipcop, zenthyal, clearos, vyos, ipfire, endian, todos con sus pro y contras.\nPara este 2025 he dicidido poner en marcha el desarrollo de mi propio firewall, hecho desde cero utilizando C# (y todo el ecosistema de dotnet) y como base de datos Postgresql.\nEn esta primera etapa, estaré desarrollando el DHCP.\nSi te interesa colaborar con este proyecto desde ya eres bienvenido.\n\n\u003e For some time I had the idea of 
making my own firewall for my home. I have used many good products including pfsense, opnsense, ipcop, zentyal, clearos, vyos, ipfire, all with their pros and cons.\nFor 2025 I have decided to start developing my own firewall, made from scratch using C# (and the entire dotnet ecosystem) and PostgreSQL as a database.\nIn this first stage, I will be developing the DHCP.\nIf you are interested in collaborating with this project, you are welcome.\n\n---\n\n\u003e En el directorio raiz he agregado un directorio llamado Bash, en el cual pueden encontrar el firewall que ya está funcionando en mi casa y el cual es la meta a crear a partir de un WebUI e interactuar con el core y/o bash del servidor.\nEl WanMonitor esta funcionando perfectamente el Dhcp Server es un trabajo en progreso aun.\n \n\u003e In the root directory I have added a directory called Bash, in which you can find the firewall that is already running at my house and which is the goal to create from a WebUI and interact with the core and/or bash of the server.\nThe WanMonitor is working perfectly and the Dhcp Server is still a work in progress.\n---\n\n# DHCP Server [ In Progress ... ]\nRFC 2131 outlines the Dynamic Host Configuration Protocol (DHCP), which is used by hosts to obtain network configuration parameters like IP addresses, subnet masks, default gateways, and DNS servers. Here's how the dialog between a DHCP client and server generally unfolds according to RFC 2131:\n### 1. DHCPDISCOVER\nClient Action: When a client (like a new device on the network) wants to join the network, it broadcasts a DHCPDISCOVER message. 
This is sent to the local subnet's broadcast address (255.255.255.255) or to the limited broadcast address (0.0.0.0) if the client doesn't have an IP yet.\nPacket Details:\nMessage Type: Option 53 set to Discover (1).\nClient Identifier: Option 61, often the client's MAC address, for uniquely identifying the client.\nParameter Request List: Option 55, listing which options the client wants from the server.\n\n### 2. DHCPOFFER\nServer Action: Multiple DHCP servers might respond to the DISCOVER message. Each server that can offer an IP address will send back a DHCPOFFER message.\nPacket Details:\nMessage Type: Option 53 set to Offer (2).\nYour (client) IP address (YiAddr): The IP address being offered.\nServer Identifier: Option 54, the server's IP address.\nSubnet Mask, Router, DNS Servers, Lease Time, etc., are included as options.\n\n### 3. DHCPREQUEST\nClient Action: After receiving one or more offers, the client selects one and sends a DHCPREQUEST to the chosen server. This message can be broadcast or unicast depending on whether the client knows the server's address:\nIf broadcast, it informs all servers of the selection.\nIf unicast, it's directly to the chosen server.\nPacket Details:\nMessage Type: Option 53 set to Request (3).\nServer Identifier: Identifies which server's offer was accepted.\nRequested IP Address: Option 50, the IP address the client wants (from an offer).\nIf this is a renewal or rebinding, different server identifiers might be used based on the client's state.\n\n### 4. DHCPACK\nServer Action: The server that offered the selected IP address responds with DHCPACK (Acknowledgment) if the IP is still available.\nPacket Details:\nMessage Type: Option 53 set to Ack (5).\nYiAddr: Confirms the IP address assignment.\nServer Identifier: Option 54, reaffirming the server's identity.\nLease Time, Renewal (T1), Rebinding (T2) Times: Option 51, 58, and 59 respectively, setting the lease terms.\n\n### 5. 
DHCPNAK\nServer Action: If the requested IP address is no longer available or not valid, the server responds with DHCPNAK (Negative Acknowledgment).\nPacket Details:\nMessage Type: Option 53 set to Nak (6).\n\nAdditional Messages:\n### DHCPDECLINE:\nIf a client detects that the IP address offered is already in use, it sends DHCPDECLINE to inform the server to not re-offer that IP.\n### DHCPRELEASE:\nWhen a client no longer requires the IP address, it sends DHCPRELEASE to the server, which then frees up that IP for others.\n### DHCPINFORM:\nClients with statically assigned addresses can use this to request just configuration parameters like DNS servers without asking for an IP address.\n\n### Lease Management:\nRenewal: Clients attempt to renew their lease when T1 time has passed, sending a DHCPREQUEST directly to the server that issued the lease.\nRebinding: If renewal fails, at T2, clients broadcast DHCPREQUEST messages to any DHCP server to try and extend their lease.\n\n### Considerations:\nTimers: DHCP uses timers like T1 (renewal) and T2 (rebind) to manage lease lifecycle.\nBroadcast vs. 
Unicast: Early messages are broadcast, but after an IP is assigned, unicast communication can occur for efficiency.\nRelay Agents: In networks with multiple subnets, DHCP relay agents can be used to forward requests between subnets.\n\nThis interaction ensures that clients can dynamically acquire network configurations in a standardized manner, enhancing network manageability and client mobility.\n\n---\n\n# NetFirewall.WanMonitor\n\u003e Esta pequeña aplicación monitorea la conexión a internet de cada interface WAN, si la conexión se pierde en la interface WAN primaria hace el cambio a la secundaria y viceversa.\n---\n\u003e This small application monitors the internet connection of each WAN interface, if the connection is lost on the primary WAN interface, it switches to the secondary and vice versa.\n\n### Instrucciones básicas de implementación / Deployment Basic Instructions:\n```\n\n1. Install .NET 9.0 SDK / Runtime\n2. Clone this repository\n3. Open a terminal and navigate to the project folder\n4. Run the following command:\n   dotnet publish -c Release -r linux-x64 -o /opt/netfirewall/wanmonitor\n5. Create a service file in /etc/systemd/system/netfirewall-wanmonitor.service with the following content:\n[Unit]\nDescription=NetFirewall WAN Monitor Service\nAfter=network.target\n\n[Service]\nWorkingDirectory=/opt/netfirewall/wanmonitor\nExecStart=/usr/bin/nice -n -20 /opt/netfirewall/wanmonitor/NetFirewall.WanMonitor\nRestart=always\nRestartSec=10\nSyslogIdentifier=wanmonitor\nKillSignal=SIGINT\nEnvironment=ASPNETCORE_ENVIRONMENT=Production\nEnvironment=DOTNET_PRINT_TELEMETRY_MESSAGE=false\n\n[Install]\nWantedBy=multi-user.target\n6. Change the appsettings.json file to match your network configuration \n   \n7. 
Run the following commands:\n    sudo systemctl daemon-reload\n    sudo systemctl enable netfirewall-wanmonitor\n    sudo systemctl start netfirewall-wanmonitor\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmchinchilla%2Fnetfirewall","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmchinchilla%2Fnetfirewall","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmchinchilla%2Fnetfirewall/lists"}