This is an LKM (loadable kernel module) that implements a firewall extension for the Linux kernel.
Although this LKM has been tested, I do not recommend loading it on your own machine and I do not give any guarantee that it will not crash your kernel or alter the memory on your machine.
Please see the SPEC.md file to understand the problem that this project is trying to solve.
It is implemented using the linked list defined in firewallExtension.h, and it uses Linux semaphores to avoid concurrency conflicts between multiple processes that might access the module.
- Loading the module creates a process that filters IP traffic based on the currently loaded rules
- The userspace program is responsible for passing the rules as a string into kernelspace memory
- Once loaded, the string is parsed into a linked list
- The firewall tries to match every outgoing packet against a port in the rules
- If no rule is specified for a port, then any application can freely use that port
- If there is at least one rule for a port, all applications except the ones specified are rejected
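The rule list and the allow/deny decision described above, as an added userspace model written for this README rather than code taken from the module. The rule-string format (one `port program` pair per line) and the function names are assumptions; the real format is defined in SPEC.md.

```c
/* Userspace model of the module's rule matching (added example, not the LKM's code).
 * Assumed rule string format: one "port program" pair per line. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct fw_rule {
    unsigned short port;
    char program[256];
    struct fw_rule *next;
};

/* Parse the rule string into a linked list; malformed lines are skipped. */
struct fw_rule *parse_rules(const char *text) {
    struct fw_rule *head = NULL, *tail = NULL;
    char *copy = strdup(text), *save = NULL;
    for (char *line = strtok_r(copy, "\n", &save); line; line = strtok_r(NULL, "\n", &save)) {
        unsigned port;
        char prog[256];
        if (sscanf(line, "%u %255s", &port, prog) != 2 || port > 65535)
            continue;                       /* never load a half-parsed rule */
        struct fw_rule *r = calloc(1, sizeof *r);
        if (!r) break;
        r->port = (unsigned short)port;
        strcpy(r->program, prog);
        if (tail) tail->next = r; else head = r;
        tail = r;
    }
    free(copy);
    return head;
}

/* A port with no rule is open to every program; once a port has at least one
 * rule, only the listed programs may use it. The scan walks every rule, which
 * is the linear cost noted under the efficiency remarks. */
int firewall_allows(const struct fw_rule *rules, unsigned short port, const char *program) {
    int port_has_rule = 0;
    for (const struct fw_rule *r = rules; r; r = r->next) {
        if (r->port != port) continue;
        if (strcmp(r->program, program) == 0) return 1;
        port_has_rule = 1;
    }
    return !port_has_rule;
}

void free_rules(struct fw_rule *rules) {
    while (rules) { struct fw_rule *n = rules->next; free(rules); rules = n; }
}
```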
In the project folder there is a test script called test.sh. It provides basic testing for loading rules into the LKM.
There is another bash script called firewallExtension that is used to test for memory errors and leaks with kedr. Read more on the kedr page.
- To check for memory leaks (which the kernel does not detect automatically), I have used kedr
kedr is an analysis tool that checks memory at run time.
- You can find it on github/euspecter/kedr
- It does not require recompiling the kernel
- But it does require compiling from source because its features are kernel specific
- Efficiency could be improved by linking all rules for a particular port instead of linking all rules for all ports in random order.
- For a very large number of rules, this filter becomes very slow.
This project is licensed under the Apache License Version 2.0 - see the LICENSE.md file for details