https://github.com/jakubvojvoda/linux-firewall
Simple Linux firewall using Netfilter
- Host: GitHub
- URL: https://github.com/jakubvojvoda/linux-firewall
- Owner: JakubVojvoda
- License: mit
- Created: 2016-05-07T11:13:17.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2016-09-22T13:22:11.000Z (over 8 years ago)
- Last Synced: 2025-05-14T04:35:43.442Z (27 days ago)
- Topics: c, firewall, kernel, netfilter, netfilter-hook, packet-processing
- Language: C
- Homepage:
- Size: 10.7 KB
- Stars: 1
- Watchers: 2
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Linux Firewall
Implementation of a simple Linux firewall using Netfilter for packet manipulation. The source code is licensed under the MIT license (see [LICENSE]) and you should use it (insert the built kernel module) ONLY at your OWN RISK.
### User space application
A command-line application that communicates with the kernel module. It accepts the following command-line arguments:

* argument `-a RULE`
  * add a specific rule to the filtering logic
  * `RULE`: `NUMBER ACTION PROTOCOL FROM address TO address src dst`, where `address` is `IP` or `ANY`, `src` is an optional source port (`SRCPORT NUMBER`) and `dst` is an optional destination port (`DSTPORT NUMBER`).
* argument `-f FILTER-FILE`
  * add all rules defined in the file `FILTER-FILE` to the filtering logic
* argument `-d RULE-ID`
  * delete a rule from the filtering logic
  * `RULE-ID` is a rule identifier
* argument `-p`
  * print the list of rules defined in the module

### Kernel module
Implementation of the kernel module for Linux, compatible with kernel version 3.13.

### Provided files
The repository contains the following files:

* `pdsfw.c` - kernel module
* `pdscli.c` - user space application
* `lexer.l` - lexical analyzer ([flex]) input
* `parser.y` - parser ([bison]) input
* `Makefile`

The `make` command builds the user space application and the kernel module. The kernel module can be loaded with `insmod pdsfw.ko` (at your own risk!) and removed with `rmmod pdsfw`. In case of unexpected problems (e.g. failure due to lack of memory, ...), the state is written to the log, which can be displayed with the `dmesg` command.
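The `RULE` format accepted by `-a` and `-f` can be validated strictly in user space before anything is handed to the kernel module. The following is an added example, not code from this repository (which uses flex and bison): `struct rule`, `parse_rule` and the nine-digit limit on `NUMBER` are assumptions, keywords are taken as written in the README and matched case-insensitively, and `ACTION` and `PROTOCOL` are kept as opaque words because the README does not list their values.

```c
#include <arpa/inet.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Constructed for this example; not the rule layout used by pdsfw.c. */
struct rule {
    int id, sport, dport;        /* ports are -1 when omitted */
    int src_any, dst_any;        /* 1 when the address is ANY */
    struct in_addr src, dst;     /* valid only when the matching *_any is 0 */
    char action[16], proto[16];  /* opaque words, values not checked */
};

static int num(const char *s, long max, int *out) {
    char *end;
    /* Leading digit and at most 9 characters: no sign, no overflow. */
    if (*s < '0' || *s > '9' || strlen(s) > 9) return 0;
    long v = strtol(s, &end, 10);
    if (*end || v > max) return 0;   /* trailing junk or out of range */
    *out = (int)v;
    return 1;
}

static int addr(const char *s, int *any, struct in_addr *out) {
    *any = strcasecmp(s, "ANY") == 0;
    return *any || inet_pton(AF_INET, s, out) == 1;
}

/* Returns 0 on success, -1 if any field is malformed. */
int parse_rule(const char *line, struct rule *r) {
    char buf[256], *t[12];
    int n = 0;
    if (strlen(line) >= sizeof buf) return -1;
    strcpy(buf, line);
    while (n < 12 && (t[n] = strtok(n ? NULL : buf, " \t\n"))) n++;
    memset(r, 0, sizeof *r);
    r->sport = r->dport = -1;
    if ((n != 7 && n != 9 && n != 11) || !num(t[0], 999999999L, &r->id) ||
        strlen(t[1]) >= sizeof r->action || strlen(t[2]) >= sizeof r->proto ||
        strcasecmp(t[3], "FROM") || !addr(t[4], &r->src_any, &r->src) ||
        strcasecmp(t[5], "TO") || !addr(t[6], &r->dst_any, &r->dst))
        return -1;
    strcpy(r->action, t[1]);
    strcpy(r->proto, t[2]);
    for (int i = 7; i < n; i += 2) {   /* SRCPORT, if present, comes first */
        int *port = !strcasecmp(t[i], "SRCPORT") && r->dport < 0 ? &r->sport
                  : !strcasecmp(t[i], "DSTPORT") ? &r->dport : NULL;
        if (!port || *port >= 0 || !num(t[i + 1], 65535, port)) return -1;
    }
    return 0;
}
```

A line such as `10 allow tcp FROM 10.0.0.1 TO ANY DSTPORT 80` (constructed; `allow` and `tcp` are sample words) parses successfully, while an out-of-range port, a malformed IPv4 address, a repeated port clause or a missing keyword is rejected.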
### References
* [How to Write a Linux Firewall]
* [Course: Data Communications, Computer Networks and Protocols]

[How to Write a Linux Firewall]: http://www.roman10.net/a-linux-firewall-using-netfilter-part-1overview/
[Course: Data Communications, Computer Networks and Protocols]: http://www.fit.vutbr.cz/study/course-l.php.en?id=11584
[flex]: http://flex.sourceforge.net/
[bison]: https://www.gnu.org/software/bison/
[LICENSE]: https://github.com/JakubVojvoda/linux-firewall/blob/master/LICENSE