Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/tholian-network/firewall
:rainbow: eBPF-based programmable firewall, intended for use in Go backends
https://github.com/tholian-network/firewall
ebpf firewall golang
Last synced: about 1 month ago
JSON representation
:rainbow: eBPF-based programmable firewall, intended for use in Go backends
- Host: GitHub
- URL: https://github.com/tholian-network/firewall
- Owner: tholian-network
- Created: 2023-04-23T22:21:15.000Z (over 1 year ago)
- Default Branch: master
- Last Pushed: 2024-10-29T03:56:32.000Z (about 2 months ago)
- Last Synced: 2024-10-29T04:25:01.982Z (about 2 months ago)
- Topics: ebpf, firewall, golang
- Language: C
- Homepage: https://tholian.network/
- Size: 399 KB
- Stars: 15
- Watchers: 3
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Tholian® Firewall
A programmable eBPF Firewall that can be used from within `Go`-based backends
and as a standalone CLI tool, with advanced features like automatic port scan
or exfil network protocol detection.:construction: EXPERIMENTAL SOFTWARE - USE AT OWN RISK :construction:
## Building
### Building the eBPF Module
The [eBPF](./ebpf) module is required to block network traffic before it reaches
the kernel. There's a fallback implementation using `iptables` available, but it
is not recommended. The eBPF module far outweighs iptables performance by any means.This kernel space eBPF module is compiled down to bytecode, so hopefully it does not
need to be recompiled after the first time.In case you need to, this is how to do it:
```bash
# Build Dependencies
sudo pacman -S --needed binutils coreutils go bpf libbpf clang llvm llvm-libs lib32-llvm-libs;cd /path/to/tholian-firewall;
bash make.sh ebpf;
```### Building the Go Program
```bash
cd /path/to/tholian-firewall;
bash make.sh source;# List the built binaries
ls ./build/linux/*;
```### Build Tags
The `tholian-firewall` codebase uses two different reserved go build tags:
- `guard` which includes the [ebpf module](/source/adapters/mitigations/ebpf) and all [insights](/source/insights).
- `guard_openwrt` which includes the [ebpf module](/source/adapters/mitigations/ebpf).There are also build tags which will fallback to `iptables` and `hosts` usage,
due to lack of support for Linux's eBPF API on those operating systems:- `guard_freebsd`
- `guard_netbsd`
- `guard_openbsd`### Running from Source
The easiest way to run the Firewall CLI:
```bash
cd /path/to/tholian-firewall/source;
sudo go run -tags `guard` ./cmds/tholian-firewall/main.go;
```# License
Proprietary