Github project filter_firewall Description: github open-source project

Source: Internet
Author: User

Github project filter_firewall Description: github open-source project
Purpose:

This article describes the projects uploaded to github. Github link: filter_firewall any comments or suggestions can be Email: 18277973721@sina.cn

Project Introduction:

Packet Filtering Firewall, which operates on packets that access the local network, including allow access (Accept) and block access (Drop.

Development Environment:

Operating System: Ubuntu 12.04 and Linux kernel 3.15

Development Tool: vim

Development language: C

Developer:

Module description

1. packet interception

The kernel module uses the netfilter framework to filter data packets, capture data packets at the network layer, and view the filter rule table. If filtering is required, Drop the data packets and do not allow them to enter the user space. If it is not in the filter rule table, access is allowed and access is normal.

2. Configure filtering rules for users

The user space module interacts with the kernel module and uses command line parameters to configure command line options as follows:

Option Description Value Status
- Append rule chain NA Complete
-D Delete rule chain NA Incomplete
-P Port Short Complete
-I Operation Input chain NA Complete
-O Operation Output chain NA Incomplete
-F Operate the Forward chain NA Incomplete
-R Operation Result Drop | accept Complete
-F Source IP Address Ip value Complete
-T Forwarding IP Address Ip value Incomplete

Do not use uncompleted command line options.

For Example:

Filter_client-A-p 80-I-r drop-f 192.168.1.105

By configuring the above link, access to port 80 of the local machine from the IP address 192.168.1.105 can be blocked.

About how to use this project:

First of all, I declare that this project is mainly used for learning and communication. The author's level is limited. If you have any comments or suggestions on this project, you can email: 18277973721@sina.cn (Note: 18277973721 non-author is using the mobile phone number ).

The following describes how to use this project.

Re-compile the source code ====>> load the kernel module ====>> use the user module to configure redirection information. The following are some step commands:

Cd kernelspace

Make clean

Make

Make install

========================================

Cd userspace

Make clean

Make

./Filter_client-A-p 80-I-r drop-f 192.168.1.105

View log: tail/var/log/syslog, tail/var/log/message, or dmesg

Finally:

Recently, I am posting code to github. I hope to learn more from the developer's experience.

 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.