My own hand-made firewall learning project with nftables.
celso a558420948 added test target to Makefile and updated README.md 2024-12-13 05:04:50 -03:00
.gitignore fixed typo in Makefile and added backup.conf to gitignore 2024-12-13 04:44:12 -03:00
LICENSE Initial commit 2024-12-10 12:41:47 -03:00
Makefile added test target to Makefile and updated README.md 2024-12-13 05:04:50 -03:00
README.md added test target to Makefile and updated README.md 2024-12-13 05:04:50 -03:00
defines.nft added snmp and postgresql ports, organized tcp_ports set better 2024-12-13 03:04:52 -03:00
filter.nft saved a few lines in named set definitions 2024-12-13 04:32:30 -03:00
makeconf.sh added geoip blacklist, modified makeconf.sh to add blocked countries and added conntrack checks in output chain 2024-12-13 04:28:57 -03:00
nat.nft added openvpn port, forward rules and nat table on its own file 2024-12-13 00:49:09 -03:00

README.md

homemade_firewall

My own hand-made firewall learning project with nftables.

License

This program is licensed under the Affero GNU Public License v3. You can read the copy that comes with this program or read it on gnu.org's website.

Dependencies

The following are needed to set up this firewall:

  • nftables
  • make
  • kernel support for nftables, forwarding and conntrack

And the following to run the optional makeconf.sh script:

  • bash version 4+

This version is required because the script makes use of bash arrays and integer variables introduced from that version onwards.

Usage

To use this firewall, you must first change the .nft files to suit your setup.

Once you're satisfied, run: make makeconf to generate your nftables.conf.

Before installing, run: make test so nftables can check for errors.

If there are no errors, you can install and run with: make install

You can verify that your new rules are in place with: nft list ruleset

Bug-reporting

Try to register an account, wait to be approved and submit an issue. If I take too long to approve your account or I reject your application, you can send me an email at celsochan@disroot.org