Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/fusion/ltfw
Light Touch Firewall
Last synced: 22 days ago
- Host: GitHub
- URL: https://github.com/fusion/ltfw
- Owner: Fusion
- Created: 2021-08-17T23:28:22.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-08-18T21:56:57.000Z (over 3 years ago)
- Last Synced: 2024-10-16T08:19:02.772Z (2 months ago)
- Language: Go
- Size: 11.7 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
# Light Touch Firewall
This incredibly simple program was written to deal with keeping ports closed.
The main use case is Kubernetes environments where iptables management interferes with an actual firewall.
Using `ltfw` you can specify which IP addresses are considered "too open" (default: `0.0.0.0`) as well as which ports you wish to leave alone.
By default, SSH (port 22) is in the "do not block" list. You can, of course, change this to 2222 or whatnot. No support for port knocking yet!
IPv4, IPv6, TCP and UDP are supported. `ltfw` will only ever block ports that it finds actively listening and not whitelisted.
Syntax:
```
Usage:
ltfw [--quiet|--verbose] [--config=] run
ltfw -h --help
ltfw --version

Options:
-h, --help Show this screen.
-v, --version Show version.
-c, --config= Config file.
-q, --quiet Suppress output.
--verbose Comprehensive output.
```

Config file syntax:
```
# If listening on these IPs, they are considered the dangerous ones
closeips = [ "0.0.0.0", "::" ]
# Never block listening on these ports
protectedports = [ "22" ]
# Check every X seconds
every = 60
# Drop (silent) or reject (respond) connections
droporreject = "drop"
```

To run this program as a service, simply create a systemd unit file, or a definition file for your favorite process manager.
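
The selection rule described above (block only ports that are actively listening on a `closeips` address and are not in `protectedports`), as an added Go example that is not ltfw's own code. It assumes Linux `/proc/net/tcp` as the socket source and handles IPv4 TCP only; `Config`, `PortsToBlock` and the sample table are hypothetical names and constructed data.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Config mirrors two keys of the config file shown above (hypothetical type).
type Config struct{ CloseIPs, ProtectedPorts []string }

// Constructed sample in /proc/net/tcp layout, trimmed to the first four columns.
const sampleProcNetTCP = `  sl  local_address rem_address   st
   0: 00000000:0016 00000000:0000 0A
   1: 00000000:1F90 00000000:0000 0A
   2: 0100007F:0CEA 00000000:0000 0A
   3: 00000000:01BB 0A00000A:D431 01`

// PortsToBlock returns the ports that are in LISTEN state on a "too open"
// address and are not protected. Malformed rows are reported, not skipped.
func PortsToBlock(cfg Config, table string) ([]string, error) {
	var out []string
	for _, line := range strings.Split(table, "\n") {
		f := strings.Fields(line)
		if len(f) < 4 || f[3] != "0A" { // 0A = TCP_LISTEN; also skips the header
			continue
		}
		parts := strings.Split(f[1], ":")
		if len(parts) != 2 {
			return nil, fmt.Errorf("bad local_address %q", f[1])
		}
		v, err := strconv.ParseUint(parts[0], 16, 32)
		if err != nil {
			return nil, fmt.Errorf("bad address %q: %w", parts[0], err)
		}
		p, err := strconv.ParseUint(parts[1], 16, 16)
		if err != nil {
			return nil, fmt.Errorf("bad port %q: %w", parts[1], err)
		}
		// On little-endian hosts (x86, arm64) the address bytes appear reversed.
		ip := fmt.Sprintf("%d.%d.%d.%d", v&0xff, v>>8&0xff, v>>16&0xff, v>>24)
		port := strconv.FormatUint(p, 10)
		if contains(cfg.CloseIPs, ip) && !contains(cfg.ProtectedPorts, port) {
			out = append(out, port)
		}
	}
	return out, nil
}

func contains(list []string, s string) bool {
	for _, x := range list {
		if x == s {
			return true
		}
	}
	return false
}

func main() {
	cfg := Config{CloseIPs: []string{"0.0.0.0", "::"}, ProtectedPorts: []string{"22"}}
	fmt.Println(PortsToBlock(cfg, sampleProcNetTCP))
}
```

In the sample, port 22 is protected, 3306 is bound to loopback only, and the 443 row is an established connection rather than a listener, so only 8080 is selected.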