{"id":46087823,"url":"https://github.com/pwnzer0tt1/firegex","last_synced_at":"2026-03-01T17:02:48.465Z","repository":{"id":43577134,"uuid":"502444028","full_name":"Pwnzer0tt1/firegex","owner":"Pwnzer0tt1","description":"Firegex, a firewall for Attack-Defense CTFs","archived":false,"fork":false,"pushed_at":"2025-11-11T22:33:44.000Z","size":20571,"stargazers_count":82,"open_issues_count":0,"forks_count":9,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-11-12T00:21:06.913Z","etag":null,"topics":["application-firewall","attack-defense","ctf","firegex","firewall","intrusion-detection","netfilter","netfilter-queue","nftables","reverse-proxy"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Pwnzer0tt1.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-06-11T19:57:49.000Z","updated_at":"2025-11-11T22:30:53.000Z","dependencies_parsed_at":"2024-04-08T14:25:06.253Z","dependency_job_id":"13c9ea13-fa67-4dac-b603-7b53e20bd72e","html_url":"https://github.com/Pwnzer0tt1/firegex","commit_stats":null,"previous_names":[],"tags_count":70,"template":false,"template_full_name":null,"purl":"pkg:github/Pwnzer0tt1/firegex","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Pwnzer0tt1%2Ffiregex","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Pwnzer0tt1%2Ffiregex/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Pwnzer0tt1%2Ffiregex/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Pwnzer0tt1%2Ffiregex/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Pwnzer0tt1","download_url":"https://codeload.github.com/Pwnzer0tt1/firegex/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Pwnzer0tt1%2Ffiregex/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29976272,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-01T16:35:47.903Z","status":"ssl_error","status_checked_at":"2026-03-01T16:35:44.899Z","response_time":124,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["application-firewall","attack-defense","ctf","firegex","firewall","intrusion-detection","netfilter","netfilter-queue","nftables","reverse-proxy"],"created_at":"2026-03-01T17:02:46.360Z","updated_at":"2026-03-01T17:02:48.444Z","avatar_url":"https://github.com/Pwnzer0tt1.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1\u003e\u003cimg align=\"left\" src=\"docs/FiregexLogo.png\" width=\"170\" /\u003e\u003cbr /\u003e[Fi]*regex 🔥\u003c/h1\u003e\n\n\u003ca href=\"https://github.com/Pwnzer0tt1/firegex/releases/latest\"\u003e\u003cimg alt=\"GitHub release (latest by date)\" src=\"https://img.shields.io/github/v/release/pwnzer0tt1/firegex?color=D62246\u0026style=flat-square\"\u003e\u003c/a\u003e \u003cimg alt=\"GitHub\" src=\"https://img.shields.io/github/license/pwnzer0tt1/firegex?style=flat-square\"\u003e \u003cimg alt=\"GitHub top language\" src=\"https://img.shields.io/github/languages/top/pwnzer0tt1/firegex?style=flat-square\u0026color=44AA44\"\u003e \u003cimg alt=\"Code\" src=\"https://img.shields.io/github/languages/code-size/pwnzer0tt1/firegex?color=%237289DA\u0026label=Code\u0026style=flat-square\"\u003e\n\n\n\u003cbr /\u003e\n\n## What is Firegex?\nFiregex is a firewall that includes different functionalities, created for CTF Attack-Defense competitions that has the aim to limit or totally deny malicious traffic through the use of different kind of filters.\n\n## Get started firegex\n\n### Docker Mode (Recommended)\nWhat you need is a linux machine and docker ( + docker-compose )\n```bash\n# One-command installer (works for both Docker and standalone modes)\nsh \u003c(curl -sLf https://pwnzer0tt1.it/firegex.sh)\n```\nWith this command you will download firegex.py, and run it, it will require you the password to use for firegex and start it with docker-compose\n\nOr, you can start in a similar way firegex, cloning this repository and executing this command\n```bash\npython3 run.py start --prebuilt\n```\n\nWithout the `--prebuilt` flag, it will build the docker image from source, which may take longer.\n\n### Standalone Mode\nIf Docker is not available or you're running in a rootless environment, Firegex can run in standalone mode. The one-command installer above also works for standalone mode and will automatically detect and use standalone mode when Docker is unavailable.\n\n```bash\nsh \u003c(curl -sLf https://pwnzer0tt1.it/firegex.sh)\n\n# Or manually force standalone mode:\npython3 run.py start --standalone\n# Or directly using the one-command installer:\nsh \u003c(curl -sLf https://pwnzer0tt1.it/firegex.sh) --standalone\n\n# Check status\npython3 run.py status [--standalone]\n\n# Stop standalone mode\npython3 run.py stop [--standalone]\n```\n\nStandalone mode automatically:\n- Downloads pre-built rootfs from GitHub releases\n- Detects your architecture (amd64/arm64)\n- Sets up chroot environment with necessary bind mounts\n- Runs as a background daemon process\n- Manages PID files for process control\n\nIf the server is restarted, docker mode will automatically restart the service, while standalone mode will require you to run the start command again manually.\n\nCloning the repository run.py will automatically build the docker image of firegex from source, and start it.\nImage building of firegex will require more time, so it's recommended to use the version just builded and available in the github packages.\nThis is default behaviour if run.py is not in the firegex source root directory.\n\nBy default firegex will start in a multithread configuration using the number of threads available in your system.\nThe default port of firegex is 4444. At the startup you will choose a password, that is essential for your security.\nAll the configuration at the startup is customizable in [firegex.py](./run.py) or directly in the firegex interface.\n\n![Firegex Network scheme](docs/Firegex_Screenshot.png)\n\n## Functionalities\n\n- Regex filtering using [NFQUEUE](https://netfilter.org/projects/libnetfilter_queue/) with [nftables](https://netfilter.org/projects/nftables/) uses a c++ file that handle the regexes and the requests, blocking the malicius requests. PCRE2 regexes are used. The requests are intercepted kernel side, so this filter works immediatly (IPv4/6 and TCP/UDP supported)\n- Create basic firewall rules to allow and deny specific traffic, like ufw or iptables but using firegex graphic interface (by using [nftable](https://netfilter.org/projects/nftables/))\n- Port Hijacking allows you to redirect the traffic on a specific port to another port. Thanks to this you can start your own proxy, connecting to the real service using the loopback interface. Firegex will be resposable about the routing of the packets using internally [nftables](https://netfilter.org/projects/nftables/)\n- EXPERIMENTAL: Netfilter Proxy uses [nfqueue](https://netfilter.org/projects/libnetfilter_queue/) to simulate a python proxy, you can write your own filter in python and use it to filter the traffic. There are built-in some data handler to parse protocols like HTTP, and before apply the filter you can test it with fgex command (you need to install firegex lib from pypi).\n\n## Documentation\n\nDocumentation about how the filters works, what features are available and how to use them are available on firegex interface.\n\nHeres a brief description about the firegex structure:\n\n- [Frontend (React)](frontend/README.md)\n- [Backend (FastAPI + C++)](backend/README.md)\n\nMore specific information about how Firegex works, and in particular about the nfproxy module, are available here (in italian only): [https://github.com/domysh/engineering-thesis](https://github.com/domysh/engineering-thesis) (PDF in the release attachments)\n\n![Firegex Working Scheme](docs/FiregexInternals.png)\n\n### Main Points of Firegex\n#### 1. Efficiency\nFiregex should not slow down the traffic on the network. For this the core of the main functionalities of firegex is a c++ binary file.\n#### 2. Availability\nFiregex **must** not become a problem for the SLA points!\nThis means that firegex is projected to avoid any possibility to have the service down. We know that passing all the traffic through firegex, means also that if it fails, all services go down. It's for this that firegex implements different logics to avoid this. Also, if you add a wrong filter to your services, firegex will always offer you a fast or instant way to reset it to the previous state.\n\n## Why \"Firegex\"?\nInitiially the project was based only on regex filters, and also now the main function uses regexes, but firegex have and will have also other filtering tools. \n\n# Credits\n- Copyright (c) 2022-2025 Pwnzer0tt1\n\n## Star History\n\n\u003ca href=\"https://star-history.com/#pwnzer0tt1/firegex\u0026Date\u0026secret=Z2hwXzJ3TWljWkV5SzBwd216YkJNSGo2OTd0YW1wRGRHZjIwR29jbA==\"\u003e\n \u003cpicture\u003e\n   \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://api.star-history.com/svg?repos=pwnzer0tt1/firegex\u0026type=Date\u0026theme=dark\u0026secret=Z2hwXzJ3TWljWkV5SzBwd216YkJNSGo2OTd0YW1wRGRHZjIwR29jbA==\" /\u003e\n   \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://api.star-history.com/svg?repos=pwnzer0tt1/firegex\u0026type=Date\u0026secret=Z2hwXzJ3TWljWkV5SzBwd216YkJNSGo2OTd0YW1wRGRHZjIwR29jbA==\" /\u003e\n   \u003cimg alt=\"Star History Chart\" src=\"https://api.star-history.com/svg?repos=pwnzer0tt1/firegex\u0026type=Date\u0026secret=Z2hwXzJ3TWljWkV5SzBwd216YkJNSGo2OTd0YW1wRGRHZjIwR29jbA==\" /\u003e\n \u003c/picture\u003e\n\u003c/a\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpwnzer0tt1%2Ffiregex","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpwnzer0tt1%2Ffiregex","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpwnzer0tt1%2Ffiregex/lists"}