hellfire's Introduction

Hellfire: A Linux Toy Firewall based on Netfilter

Hellfire is a lightweight Linux firewall built upon the Netfilter framework, designed to filter TCP, SCTP, UDP, and ICMP packets in accordance with user-defined rules.

Overview

Comprising a user-space command-line tool named hellfire and a corresponding kernel-space module hellfire_core, Hellfire enables the creation of rules to control packet flow. Communication between these spaces is facilitated through the /dev/hellfire device file, employing ioctl and write syscalls.

Features

With Hellfire, users can craft filtering rules specifying various attributes:

  • Direction: Inbound or Outbound
  • Interface: Inbound or Outbound
  • Source: IP address, IP address range, MAC address, port number
  • Destination: IP address, IP address range, port number
  • Protocol: TCP, UDP, SCTP, ICMP

Each rule generated is dispatched to the hellfire_core module. This kernel module then inserts a fresh entry into the policy table, enabling the comparison of incoming packets against user-defined rules. In cases where packet attributes correspond to a defined rule, the packet is subsequently discarded.
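The matching step described above, as an added example that is not Hellfire's own code: a user-space C model of a policy-table lookup, showing that source-range checks must convert header fields from network to host byte order before comparing. The struct layout, first-match ordering, default ACCEPT for unmatched packets, and the 192.168.56.250:192.168.57.5 range are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>

enum verdict { FW_ACCEPT, FW_DROP };
/* Hypothetical rule layout (not hellfire_core's); a zero/empty field means "any". */
struct rule {
    char ifname[16];
    uint32_t src_lo, src_hi;        /* inclusive range, host byte order */
    uint8_t proto; uint16_t dport;  /* IPPROTO_* value, host-order port */
    enum verdict target;
};
/* Packet fields as they sit in the headers: network byte order. */
struct pkt { const char *ifname; uint32_t saddr; uint8_t proto; uint16_t dport; };
static uint32_t ip(const char *s)   /* dotted quad -> host order, 0 if malformed */
{
    struct in_addr a;
    return inet_pton(AF_INET, s, &a) == 1 ? ntohl(a.s_addr) : 0;
}
static int matches(const struct rule *r, const struct pkt *p)
{
    uint32_t src = ntohl(p->saddr);  /* range tests are only valid in host order */
    if (r->ifname[0] && strcmp(r->ifname, p->ifname)) return 0;
    if (r->src_hi && (src < r->src_lo || src > r->src_hi)) return 0;
    if (r->proto && r->proto != p->proto) return 0;
    if (r->dport && r->dport != ntohs(p->dport)) return 0;
    return 1;
}

/* Assumed semantics: first matching rule decides; no match means ACCEPT. */
enum verdict evaluate(const struct rule *t, size_t n, const struct pkt *p)
{
    for (size_t i = 0; i < n; i++)
        if (matches(&t[i], p)) return t[i].target;
    return FW_ACCEPT;
}

/* INPUT table: two rules from the README examples plus a constructed range. */
enum verdict input_verdict(const char *ifn, const char *src, uint8_t proto, uint16_t dport)
{
    struct rule t[] = {
        { "enp0s8", ip("192.168.56.17"), ip("192.168.56.17"), IPPROTO_ICMP, 0, FW_DROP },
        { "", ip("192.168.56.17"), ip("192.168.56.17"), IPPROTO_TCP, 80, FW_DROP },
        { "", ip("192.168.56.250"), ip("192.168.57.5"), 0, 0, FW_DROP },
    };
    struct pkt p = { ifn, htonl(ip(src)), proto, htons(dport) };
    return evaluate(t, sizeof t / sizeof t[0], &p);
}
```

On a little-endian host the raw network-order value of 192.168.56.250 is numerically larger than that of 192.168.57.5, so a range check that skips ntohl() would never match this rule.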

Prerequisites

Building

cd build
./builder.sh

Usage

  • Install Hellfire and the necessary kernel module.
  • Use the hellfire CLI tool to create filtering rules, specifying the attributes as needed.
  • The hellfire_core module enforces these rules by inserting entries into the policy table.

Start

➜ sudo ./hellfire start

Stop

➜ sudo ./hellfire stop

Example

ADD rules

➜ sudo ./hellfire -A INPUT -i enp0s8 -s 192.168.56.17 -p icmp -t DROP
➜ sudo ./hellfire -A INPUT -s 192.168.56.17 -p tcp --dst-port 80 -t DROP
➜ sudo ./hellfire -A INPUT --src-mac 08:00:27:27:ee:33 -t DROP
➜ sudo ./hellfire -A INPUT --src-ip-range 192.168.56.17:192.168.56.18 -t DROP
➜ sudo ./hellfire -A OUTPUT -d 192.168.56.17 -p icmp -t DROP

LIST rules

➜ sudo ./hellfire -L INPUT -p icmp
ID:1 DEST:INPUT IFN:(null) SRC:192.168.56.17 DPT:0 PRO:icmp TGT:DROP

DELETE rules

➜ sudo ./hellfire -D INPUT -n 1

FLUSH policy table

➜ sudo ./hellfire -F all
Flushed the policy table

Help

➜ sudo ./hellfire -h
Usage:  hellfire [val | -<flag> [<val>] | --<name> [<val>] ]...

   start                       Start firewall
   stop                        Stop firewall
   -A, --append                Append policy[INPUT/OUTPUT]
   -D, --delete                Delete policy[INPUT/OUTPUT]
   -L, --list                  List policies[INPUT/OUTPUT]
   -F, --flush                 Delete all policies[all]
   -n, --num                   Policy id(only with -L and -D option)
   -i, --in-interface          Name of an interface via which a packet was received (only for packets entering the INPUT)
   -o, --out-interface         Name of an interface via which a packet is going to be sent (only for packets entering OUTPUT)
       --src-mac               Source mac address(only for packets entering the INPUT)
   -p, --protocol              The protocol of the rule or of the packet to check
   -s, --src-ip                Source ip address(only for packets entering the INPUT)
       --src-ip-range          Source ip address range[ip:ip](only for packets entering the INPUT)
       --src-port              Source port address(only with -p option)
   -d  --dst-ip                Destination ip address(only for packets entering OUTPUT)
       --dst-ip-range          Destination ip address range[ip:ip](only for packets entering the OUTPUT)
       --dst-port              Destination port address(only with -p option)
   -t, --target                A firewall rule specifies criteria for a packet[ACCEPT/DROP]
   -h, --help                  Display usage information and exit
   -v, --version               Display version information and exit

Contribution

Contributions are welcome! Feel free to fork this repository, make improvements, and submit pull requests.

License

Hellfire is licensed under the MIT License.

hellfire's People

Contributors

ms0g, swarajsomala

hellfire's Issues

Build errors with Kernel version(5.15.0-70-generic)

Hey @ms0g,

I came across an issue while trying to build the hellofile. It appears that some kernel APIs are not compatible with version 5.15.0-70-generic, which is causing the build to fail. I have a solution for this problem and can create a pull request if you're interested. Let me know how I can help!
