Warning
Ignore this README. It may change as I develop and adjust configurations. The entire tool is under development, while I am learning Rust and eBPF. I am not a Rust senior developer, so I am learning as I go. I am open to any suggestions or improvements. Code is not optimized. I will try to split functionalities into different files. Also, some code comments are missing.
Network monitoring and firewall using eBPF, XDP and TC. Powered by Aya-rs
Built with ❤ in Rust
Look at the level of the stack at which XDP works:
Powerful, right? Same for traffic control (TC).
Note
nflux uses XDP for incoming packet processing (XDP only works with physical interfaces). For outgoing packets, it uses TC. If you want to use it with a virtual interface, you need the tc mode, which is not implemented yet.
Basic XDP firewall:
- Block incoming ipv4/ipv6-tcp/udp packets.
- Allow incoming ipv4/ipv6-tcp/udp packets.
- Block incoming ICMP packets.
- Filter outgoing packets.
Docker
For the moment, the quickest way to install nflux is using containers. Let's see how to run nflux with docker-compose.
git clone https://github.com/containerscrew/nflux.git
make compose-build
Before running the container, you need to edit the configuration file nflux.toml. The most important configuration is the interface name.
ip link show # get the name of your PHYSICAL interface
# Once the interface name is changed in the config file, let's run nflux
make compose-up
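Since XDP mode only attaches to physical interfaces, it is worth confirming that the interface you put in nflux.toml is physical before starting the container. The POSIX shell helper below is an added example and not part of nflux; it assumes the standard Linux sysfs layout, where a hardware-backed interface has a device link under /sys/class/net/<name>/, and the NFLUX_IFACE variable is a hypothetical name used only here.

```shell
#!/bin/sh
# Lists the network interfaces backed by real hardware, i.e. the candidates
# for nflux's XDP mode. A physical NIC shows up in sysfs with a "device" link
# pointing at its PCI/USB device; virtual interfaces (lo, docker0, veth*,
# bridges, tunnels) have no such link.
# $1: sysfs network root, defaults to /sys/class/net (overridable for testing).
physical_interfaces() {
    root="${1:-/sys/class/net}"
    for dir in "$root"/*; do
        [ -d "$dir" ] || continue
        name=$(basename "$dir")
        # Virtual interfaces lack the device link; skip them.
        [ -e "$dir/device" ] || continue
        printf '%s\n' "$name"
    done
}

# Succeeds (exit 0) only if interface $1 is physical under sysfs root $2.
is_physical_interface() {
    name="$1"
    root="${2:-/sys/class/net}"
    [ -e "$root/$name/device" ]
}

# Usage: with NFLUX_IFACE set, check that single interface; otherwise list
# every physical interface on this host so you can pick one for nflux.toml.
if [ -n "${NFLUX_IFACE:-}" ]; then
    if is_physical_interface "$NFLUX_IFACE"; then
        echo "$NFLUX_IFACE is physical: suitable for nflux XDP mode"
    else
        echo "$NFLUX_IFACE is virtual: XDP will not attach, tc mode is needed" >&2
    fi
else
    physical_interfaces
fi
```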
Warning
In Fedora, where SELinux is enforced by default, I'm having some problems.
Quick fix (not secure): sudo setenforce 0
By default, nflux allows SSH (port 22) connections from any IP. Avoid blocking your own SSH connection when testing on remote servers (VPS).
For local development, I don't use containers since the build process is slow. Visit this custom page for local development.
Any improvement is welcome! If you want to help me improve in Rust and eBPF, I'd be delighted!
nflux is distributed under the terms of the AGPL3 license.