Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/qsniyg/simplenetfilt

Simple firewall to block outgoing network access for specified software
https://github.com/qsniyg/simplenetfilt

application-firewall firewall network networking privacy-enhancing-technologies privacy-protection privacy-tools wine

Last synced: 3 months ago
JSON representation

Simple firewall to block outgoing network access for specified software

Host: GitHub
URL: https://github.com/qsniyg/simplenetfilt
Owner: qsniyg
License: apache-2.0
Created: 2024-03-23T04:24:32.000Z (10 months ago)
Default Branch: master
Last Pushed: 2024-05-14T20:23:11.000Z (9 months ago)
Last Synced: 2024-10-13T05:37:24.754Z (4 months ago)
Topics: application-firewall, firewall, network, networking, privacy-enhancing-technologies, privacy-protection, privacy-tools, wine
Language: C
Homepage:
Size: 9.77 KB
Stars: 14
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.txt

Awesome Lists containing this project

README

# simplenetfilt

This is a simple project to disable outside network access for linux programs (primarily developed for usage with wine). It optionally allows loopback (`localhost` / `127.0.0.1`) and local network access (192.168.\*.\*, 10.\*.\*.\*, \*.local).

This was created out of a need to run some programs under wine without outside network access. Loopback was needed for some IPC work the programs required. After spending days wrestling with `firejail`, X11, and `iptables`, I gave up and decided to write this.

## Current limitations

* Only outgoing connections are filtered.
* IPv6 isn't supported. Currently it blocks all outgoing IPv6 connections.
* Only tested under wine and a few basic programs (curl, ping, firefox). Leaks may exist for other software.
* No whitelist/blacklist.

Please open an issue if these limitations cause a problem for you.

## Usage

### Building

```sh
mkdir build && cd build
cmake ..
make
sudo make install
```

### Running

Using the wrapper:

```sh
simplenetfilt program [args...]
```

Manual LD_PRELOAD:

```sh
LD_PRELOAD=libsimplenetfilt.so program [args...]
```

Note that when using the manual method, if it has been installed to `/usr/local/lib`, you may need to add `/usr/local/lib` to `LD_LIBRARY_PATH`.

### Configuration

The following environment variables can be configured:

* `SIMPLENETFILT_ALLOW_LOCALHOST` - Allows `localhost` / `127.0.0.1` access. Default: `true`
* `SIMPLENETFILT_ALLOW_LOCALNET` - Allows local network access. Default: `false`