
DOWRIGHTTV / Dnxfirewall

Licence: agpl-3.0
dnxfirewall (dad's next-gen firewall), a pure Python next generation firewall built on top of Linux kernel/netfilter.

NOTICE: The license has changed from the CMD version (GPLv3). The 'FULL' version (current branch) is licensed under AGPLv3.



Coded/tested live on twitch.tv.
DOWRIGHTTV

Overview

DNX Firewall is an optimized, high-performance collection of applications or services that converts a standard Linux system into a zone-based next-generation firewall. All software is designed to run in conjunction with each other, but thanks to the modular design certain components can be completely removed with little effort. The primary security modules have DIRECT/INLINE control over all connections, streams, and messages that go through the system. That being said, depending on the protocol, work is offloaded to lower-level control to maintain the highest possible throughput with full inspection enabled. A custom iptables chain lets the administrator hook into the packet flow without being able to accidentally override the dnx security modules. A low-level "architecture, system design" video will be created at some point to show how this is possible with pure Python.

Included Features

  • DNS Proxy

    • category based blocking (general, TLD, substring matching)
    • user added whitelist/blacklist or custom general category creation
    • native DNS over TLS conversion with optional UDP fallback
    • local dns server
    • software failover
    • 2 level record caching
  • IP Proxy (transparent) Bi directional

    • reputation based host filtering
    • geolocation filter
    • lan restriction (disables internet access to the LAN for all IPs not whitelisted)
  • IPS/IDS (WAN/inbound)

    • Denial of service detection/prevention
    • Portscan detection/prevention
  • Lightweight DHCP Server (custom)

    • ip reservations
    • security alert integration
  • General Services

    • Log handling
    • Database management
    • Syslog client (UDP, TCP, TLS). IMPORTANT: currently in a beta/unstable state. This service is not enabled by default and must be enabled manually before it will start on system start.
  • Additional Features

    • IPv6 disabled
    • prebuilt iptables rules
    • DNS over HTTPS blocks (dns bypass prevention)
    • DNS over TCP blocks (dns bypass prevention)
    • DNS over TLS blocks (dns bypass prevention)
    • all inbound connections to wan DROPPED by default
    • IPTABLES custom chain for admin hook into packet flow
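
The DNS Proxy matching modes listed above (user whitelist/blacklist, TLD, category, substring) combine into a single per-query decision. The sketch below is an added example, not dnxfirewall's code; the list contents, the evaluation order (whitelist first) and every name in it are assumptions.

```python
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"

# Constructed sample policy data (not dnxfirewall's signature sets).
WHITELIST = {"updates.example.org"}
BLACKLIST = {"tracker.example.net"}
BLOCKED_TLDS = {"xyz"}
BLOCKED_KEYWORDS = {"coinminer"}
CATEGORIES = {"ads.example.com": "advertisements"}
BLOCKED_CATEGORIES = {"advertisements", "malicious"}

def normalize(qname):
    """Lower-case and drop the trailing root dot; DNS names are case-insensitive."""
    return qname.strip().rstrip(".").lower()

def parent_domains(name):
    """Return name and each parent above the TLD: a.b.example.com, b.example.com, example.com."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)] or [name]

def inspect_query(qname):
    """Return (Verdict, reason) for one DNS question name."""
    name = normalize(qname)
    if not name:
        return Verdict.BLOCK, "empty name"
    candidates = parent_domains(name)
    # Assumed precedence: the user whitelist overrides every block list.
    if any(c in WHITELIST for c in candidates):
        return Verdict.ALLOW, "whitelist"
    if any(c in BLACKLIST for c in candidates):
        return Verdict.BLOCK, "blacklist"
    tld = name.rsplit(".", 1)[-1]
    if tld in BLOCKED_TLDS:
        return Verdict.BLOCK, f"tld:{tld}"
    # Category match on the name or any parent, so subdomains inherit the block.
    for c in candidates:
        category = CATEGORIES.get(c)
        if category in BLOCKED_CATEGORIES:
            return Verdict.BLOCK, f"category:{category}"
    # Substring match is the broadest test, so it runs last.
    for keyword in sorted(BLOCKED_KEYWORDS):
        if keyword in name:
            return Verdict.BLOCK, f"keyword:{keyword}"
    return Verdict.ALLOW, "no match"
```

Matching on parent domains is what makes a category entry for `ads.example.com` also cover `cdn.ads.example.com`; an exact-match lookup alone would miss it.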

Before Running

NEW: sqlite3 is now the default database in use (to simplify deployments). The environment variable "SQL_VERSION" located in dnx_configure/dnx_constants.py can be flipped to use postgresql. WARNING: switching the database used after initial configuration may cause problems.

  • [+] Edit data/config.json and data/dhcp_server.json to reflect your system [interfaces].

  • [+] Move all systemd service files into the system's systemd folder.

  • [+] Configure system interfaces. LAN needs to be the default gateway of the local network.

  • [+] Compile python-netfilterqueue for your current architecture/distro (link below).

      - ensure the resulting file is named netfilter.so and placed in the dnxfirewall/netfilter folder
      - NOTE: in the future this step will be wrapped into the deployment script

  • [+] Compile dnx_iptools/binary_search.pyx for your current architecture/distro.

      - ensure the resulting file is named binary_search.so and placed in the dnxfirewall/dnx_iptools folder
      - NOTE: in the future this step will be wrapped into the deployment script

  • [+] Run/follow, in order, the corresponding deployment scripts [for the selected database] to automate system setup. Look at the comments in the script files for more direction.

Non DNX code dependencies/sources!

https://github.com/kti/python-netfilterqueue | cython <-> python extension for binding to linux kernel [netfilter] | THIS IS AWESOME!

https://www.ip2location.com/free/visitor-blocker | geolocation ip filtering datasets

https://gitlab.com/ZeroDot1/CoinBlockerLists | cryptominer host set

https://squidblacklist.org | malicious and advertisement host sets

OPTIONAL: https://github.com/tlocke/pg8000 | pure python postgresql adapter

General Showcase Demo (outdated)

This video is extremely outdated, but still shows general functionality and some of the high-level security implementations. An updated video will be created soon to show the newly added modules: syslog client, standard logging, IPS/IDS, updated DNS proxy functionality, updated IP proxy functionality, and more.

DNX Firewall Demo
