
Ufw - Uncomplicated Firewall

  •    Python

Ufw stands for Uncomplicated Firewall, and is a program for managing a netfilter firewall. It provides a command line interface and aims to be uncomplicated and easy to use.

HiddenWall - Tool to generate a Linux kernel module for custom rules with Netfilter hooking. (block ports, Hidden mode, rootkit functions etc)

  •    C

HiddenWall is a Linux kernel module generator for custom rules with netfilter (block ports, hidden mode, rootkit functions, etc.). The motivation: in a bad situation, an attacker can take down your iptables/ufw... but if you have HiddenWall, the attacker will not find the hidden kernel module that blocks external access, because it has a hook to netfilter in kernel land (think of it as a second layer for the firewall).

rust-iptables - Rust bindings for iptables

  •    Rust

Rust iptables v0.2.2 provides bindings for the iptables application in Linux (inspired by go-iptables). This crate uses the iptables binary to manipulate chains and tables. This source code is licensed under the MIT license, which can be found in the LICENSE file. For more information, please check the test file in the tests folder.

opensvp - Opensvp is a security tool implementing "attacks" to be able to test the resistance of firewall to protocol level attack

  •    Python

Opensvp is a security tool implementing "attacks" to test the resistance of a firewall to protocol-level attacks. It implements classic attacks as well as some new kinds of attacks against application layer gateways (called helpers in the Netfilter world). For example, opensvp is able under some conditions (see explanation below for details) to open a pinhole in a firewall protecting an FTP server: even if the filtering policy guarantees that only port 21 is open to the server, you can open 'any' port on the server by using opensvp.

docker-nfqueue-scapy - Docker container for intercepting packets with scapy from a netfilter queue (nfqueue)

  •    Python

Docker container with an example Python script to listen for packets on a netfilter queue and manipulate them with scapy. You can listen on any queue number, and you can push packets into the queue from any iptables rule. This container gives you a powerful prototyping and debugging tool for monitoring, manipulating, dropping, accepting, requeuing, or forwarding network packets in Python. You can read from a queue on the host with --net=host --cap-add=NET_ADMIN. Or, you can run it within another container's namespace to listen for packets on an nfqueue in that container's network namespace. This container includes a full installation of scapy and Python netfilter queue (nfqueue) bindings, and an example Python script nfqueue_listener.py to print incoming packets on the queue.

go-nflog - c-binding free API for golang to communicate with the log subsystem of netfilter

  •    Go

This is go-nflog and it is written in golang. It provides a C-binding free API to the netfilter-based log subsystem of the Linux kernel. This package processes information directly from the kernel and therefore it requires special privileges. You can provide these privileges by adjusting the CAP_NET_ADMIN capabilities.

conntrack - Pure-Go Conntrack implementation; for humans.

  •    Go

Package conntrack implements the Conntrack subsystem of the Netfilter (Netlink) protocol family. The package is intended to be clear, user-friendly, thoroughly tested and easy to understand. It is purely written in Go, without any dependency on Cgo or any C library, kernel headers or userspace tools. It uses a native Netlink implementation (https://github.com/mdlayher/netlink) and does not parse or scrape any output of the conntrack command.

netfilter - Pure-Go Netfilter Netlink family implementation.

  •    Go

Package netfilter provides encoding and decoding of Netlink messages into Netfilter attributes. It handles Netfilter-specific nesting of attributes, endianness, and is written around a native Netlink implementation (https://github.com/mdlayher/netlink). It is purely written in Go, without any dependency on Cgo or any C library, kernel headers or userspace tools. The goal of this package is to be used for implementing the Netfilter family of Netlink protocols. For an example implementation, see https://github.com/ti-mo/conntrack.

lsconntrack - The Linux netfilter conntrack-based connection flows pretty printer.

  •    Go

lsconntrack prints host flows (aggregated connection flows to the same source or destination ports) tracked by Linux netfilter conntrack and enables you to simply grasp the network relationship between localhost and other hosts.