Flareoff is a stateful software firewall implemented as a Loadable Kernel Module (LKM). Flareoff provides network security by filtering incoming and outgoing network traffic based on a set of user-defined rules.
Loadable Kernel Modules are kernel extensions that can be loaded into operating system kernel dynamically.
main.c resides in the kernel and hooks itself with the existing netfilter hooks, specifically the PRE_ROUTING hook. In the topology that is created, gateway is then placed at a position such that all the traffic to and from outside the LAN flows through this gateway.
The 'main' module inspects every packet and based on the rules provided, makes the decision of whether to accept the packet or to drop it.
Following are the rules 'main' module implements:
- Block all unsolicited ICMP packets coming in from outside except the ones going to the web-server. However, the local hosts should be able to ping outside.
- Block all SSH attempts from outside.
- Block port 80 (HTTP) access from outside except for the web-server and test that an internal website on a local host is only accessible from inside.
Provided is main.c and a Makefile.
Pre-requisites for successful build:
sudo apt-get install linux-headers-$(uname -r) build-essential
- Run the make command inside the directory you have kept these files
make - Successful build will generate
main.kowhich is the kernel module - Now, load this module directly in the kernel
sudo insmod ./main.ko - To see which packets pass the filter and which are dropped, use
sudo tail -f /var/log/kern.log - To unload the kernel module,
sudo rmmod main
Flareoff is an open-source software and is licensed under the GNU General Public License v3.0. Anyone interested is free to contribute to the project.