{"id":15056940,"url":"https://github.com/vazw/simple-firewall","last_synced_at":"2025-10-14T14:07:27.899Z","repository":{"id":246634858,"uuid":"821709860","full_name":"vazw/simple-firewall","owner":"vazw","description":"simple firewall a simple kernel level firewall using aya-ebpf","archived":false,"fork":false,"pushed_at":"2025-06-22T14:44:19.000Z","size":2533,"stargazers_count":4,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-10-14T14:06:07.894Z","etag":null,"topics":["aya","ebpf","ebpf-programs","firewall","xdp","xdp-acl"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vazw.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-06-29T08:02:51.000Z","updated_at":"2025-09-30T09:00:22.000Z","dependencies_parsed_at":"2024-06-29T09:26:07.648Z","dependency_job_id":"c0cf3c40-7be2-490c-8821-fc72a23815dd","html_url":"https://github.com/vazw/simple-firewall","commit_stats":null,"previous_names":["vazw/simple-firewall"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/vazw/simple-firewall","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vazw%2Fsimple-firewall","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vazw%2Fsimple-firewall/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vazw%2Fsimple-firewall/rel
eases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vazw%2Fsimple-firewall/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vazw","download_url":"https://codeload.github.com/vazw/simple-firewall/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vazw%2Fsimple-firewall/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279019120,"owners_count":26086679,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-14T02:00:06.444Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aya","ebpf","ebpf-programs","firewall","xdp","xdp-acl"],"created_at":"2024-09-24T21:59:03.898Z","updated_at":"2025-10-14T14:07:27.873Z","avatar_url":"https://github.com/vazw.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# simple-firewall a simple kernel level firewall\n\n## Simple - Low Memory-Footprint and Reliable using XDP\n\n![ScreenShot](https://github.com/vazw/simple-firewall/blob/main/screenshot/screenshot.png)\n\n## Prerequisites\n\n1. Install bpf-linker: `cargo install bpf-linker`\n\n## Features\n\n1. Blazingly fast\n2. Filter TCP and UDP with specified PORT\n3. Specified DNS resolver\n4. TCP state recognizer\n5. 
Aggressive TCP reset on first syn\n\n#### How does aggressive TCP reset work?\n\n```\n[Client]            [Firewall]          [Server]\n    |                   |                   |\n    | -----\u003e syn -----\u003e | if NEW connection |\n    |                   | Firewall will act |\n    | \u003c--- syn ack ---- | like it's serving |\n    |                   | our service       |\n    | ------- ack ----\u003e |                   |\n    |                   |it's actually dummy|\n    | \u003c----- rst \u003c----- | response by XDP_TX|\n    |                   |                   |\n    | ------ syn -------------------------\u003e |\n    |                   |                   |\n    | \u003c--- syn ack ------------------------ |\n    |                   |                   |\n    | ------- ack ------------------------\u003e |\n    |                   |                   |\n    | \u003c-------- ESTABLISHED --------------\u003e |\n\n```\n\n## Build eBPF\n\n```bash\ncargo sfw build-ebpf\n```\n\n## Build Userspace\n\n```bash\ncargo build\n```\n\n## Build eBPF and Userspace\n\n```bash\ncargo sfw build\n```\n\n## Run\n\n```bash\nRUST_LOG=info cargo sfw run -i \u003cNIC\u003e -c \u003cpath-to-config.toml\u003e\n```\n\nTo perform a release build you can use the `--release` flag.\nYou may also change the target architecture with the `--target` flag.\n\n## Config\n\nsimple-firewall uses a simple TOML config format.\n\n### config options\n\n- `tcp_in` Incoming port: a port from outside coming to us (e.g. web browsing)\n- `tcp_out` Outgoing port: a port from our server to outside (e.g. serving website/service)\n- `udp_in` Incoming port: a port from outside coming to us (e.g. web browsing)\n- `udp_out` Outgoing port: a port from our server to outside (e.g. 
serving website/service)\n\n`sfwconfig.toml`\n\n```toml\ndns = [\"208.67.222.222\", \"9.9.9.9\"]\n\n[tcp_in]\nsport = []\ndport = [4869,8000,8008]\n\n[tcp_out]\nsport = [22000,4869,8000, 8008]\ndport = [22,80,443,8181,10022, 20086]\n\n[udp_in]\nsport = [22000,21027]\ndport = [22000,21027]\n\n[udp_out]\nsport = [22000,21027]\ndport = [22000,21027, 123, 67, 8443]\n\n# 123 = NTP network time\n# 67 = router\n# 22 = ssh\n# 80,443 = regular http\n# 22000 and 21027 = syncthing\n```\n\n## Installation\n\n```bash\ngit clone https://github.com/vazw/simple-firewall.git \u0026\u0026 cd simple-firewall\ncargo install bpf-linker\ncargo sfw install --path \u003cinstall-path\u003e # Default is /usr/bin/\n```\n\nThen make an auto-startup script for it with `sfw -i \u003cNIC\u003e -c \u003cpath-to-config.toml\u003e`.\n\nIn my case I was using `pkexec` to auto-start it when my SwayWM started.\n\n`.config/sway/config`\n\n```bash\nexec pkexec sfw -i wlp1s0 -c /etc/sfw/sfwconfig.toml \u0026\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvazw%2Fsimple-firewall","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvazw%2Fsimple-firewall","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvazw%2Fsimple-firewall/lists"}