Merwall is a lightweight Linux firewall module.
C
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
LICENSE
Makefile
README.md
merwall_admin.c
merwall_admin.h
merwall_common.c
merwall_common.h
merwall_module.c
merwall_module.h

README.md

Description

Merwall is a lightweight Linux firewall, built as Loadable Kernel Module and a userspace administration tool.

It is based on the Netfilter API for packet filtering and rule matching. Sysfs virtual filesystem is used for communication between userspace and kernelspace.

Build and launch

$ make
$ sudo insmod kmerwall.ko

Remove

$ sudo rmmod kmerwall
$ make clean

Examples

  • Drop all UDP traffic:
  • ./merwall_admin --proto UDP
  • Drop all UDP traffic to/from port 53.
  • ./merwall_admin --proto UDP --dstport 53
  • Allow all TCP traffic coming from 1.2.3.4:80
  • ./merwall_admin --action PASS --proto TCP --direction IN --srcip 1.2.3.4 --srcport 80
  • Allow outgoing traffic to port 80
  • ./merwall_admin --action PASS --dstport 80
  • Delete rule number 33
  • ./merwall_admin --delete 33
  • List all rules.
  • ./merwall_admin --list

ToDo

Update documentation: Installation, usage etc.,

Credits

  • Thanks to Djalal "tixxdz" Harouni ( http://opendz.org/ ) for all the tips, help and encouragement.