OSFW is a firewall written in Python that provides an IP / domain filtering based on a collection of threat intelligence public feeds. It relies on underlying dependencies like iptables (netfilter) and unbound.

It blocks in real time incoming and outcoming traffic considered as malicious (matching the filtering rules automatically set up for each threat).

It also provides a secure DNS service that blocks different kind of malicious servers (phishing websites, malware hosting, malvertising, C&C servers, etc).

• Firewall components
• Quick start
• Configuration
  • DNS service
  • Remote access
  • Launch mode
  • Filter mode
  • Miscellaneous
• Dependencies
• Support
• License

OSFW includes 3 main components:

Install the dependencies with your package manager (for example apt on Ubuntu or yum on Fedora):

apt install python3 virtualenv iptables unbound systemd supervisor screen

Install the virtual environment:

cd uppersafe-osfw
virtualenv -p python3 venv
source venv/bin/activate && pip install -r requirements.txt

Start the firewall components:

bash run.sh

Attach a screen:

screen -r osfw-sensor
screen -r osfw-syncfw
screen -r osfw-webapp

Automatically launch the firewall at startup (supervisorctl will be used instead of screen):

ln -s "$PWD/assets/supervisord.conf" /etc/supervisor/conf.d/osfw.conf

It is possible to customize the behaviour of the firewall by copying the default config.default.yml file and editing your own config.yml file:

cp config.default.yml config.yml && chmod 600 config.yml

To enable the secure DNS service, simply create a symbolic link of the unbound.conf file to the Unbound configuration directory with the following command:

ln -s "$PWD/assets/unbound.conf" /etc/unbound/unbound.conf.d/osfw.conf

To securely enable remote access to the web interface, you need to install a web server with reverse proxy capabilities with your package manager (for example apt on Ubuntu or yum on Fedora):

apt install nginx ssl-cert

Then, create a symbolic link of the nginx.conf file to the Nginx configuration directory with the following command:

ln -s "$PWD/assets/nginx.conf" /etc/nginx/sites-enabled/osfw.conf

If you want to use your own SSL certificates instead of those provided by the ssl-cert package, don't forget to update the default nginx.conf file.

There are 3 ways to launch the firewall:

Filtering can be achieved through 2 different methods:

It happens that some legit and top ranked websites got blocked because of different reaspns, most of the time one of the following cases:

• Their users can upload files on the main domain (file transfer providers or cloud storage providers)
• Their users can upload files or even web pages on a subdomain (hosting providers)
• Their users can perform URL redirect (link shortener websites)

To prevent these websites from being blocked, you can specify them as a list in the configuration file.

In case you want to edit the default list, you can use a magic keyword tld that will match any top level domain and some specific second level domain names. For example, domain.tld will match all of the following cases:

• domain.uk
• domain.co.uk
• domain.com.uk
• domain.net.uk
• domain.org.uk
• domain.edu.uk
• domain.gov.uk
• domain.jp
• domain.co.jp
• domain.com.jp
• domain.net.jp
• domain.org.jp
• domain.edu.jp
• domain.gov.jp

There is a way to perform a subdomain wildcard, to do so you need to use a *? instead of the subdomain (for example *?.domain.com will match domain.com and a.domain.com but not b.a.domain.com).

• python3 (see also requirements.txt)
• virtualenv
• iptables
• unbound
• systemd
• supervisor
• screen
• nginx
• ssl-cert

Nicolas THIBAUT (nicolas[@]uppersafe[.]com)

https://www.patreon.com/dev2lead/memberships

This software is provided under a GNU AGPLv3 License.