A fireless firewall written for Linux systems that filters incoming and outgoing network packets based on customized rules
- filter by single IP address
- filter by subnet - using CIDR notation
- filter by single port
- filter by port range
- filter by transport layer protocol
The icewall is a security application written in the C programming language. The core of the application is a binary that runs in kernel mode, analyzing incoming and outgoing network packets and testing them against the defined rules.
The software is divided into two binaries: the kernel module, and a controller that acts as a front-end to create rules, list them, and so on.
The icewall build process is relatively easy: a single script can build everything for you. Even so, a few steps must be performed before compiling the source code.
The kernel module build process requires the linux-headers package to be installed on your machine. How to install this package depends on the distribution you intend to run the icewall on.
```sh
# Arch Linux based distributions
sudo pacman -S linux-headers
# Debian based distributions
sudo apt install linux-headers-$(uname -r)
# Search for the package on your distro...
```
If you have Git installed on your machine, the following command should do the trick:
```sh
git clone https://github.com/Romulo-Moraes/icewall.git
```
If you don't, you can download the zip file directly from the Code button above the source tree.
The icewall project uses CMake exclusively to build the controller program. If you don't have it installed on your machine, search the web for how to install it on your distribution.
```sh
# Arch Linux based distributions
sudo pacman -S cmake
# Debian based distributions
sudo apt install cmake
```
Assuming that you are in the project's root directory, the following set of commands should do the trick:
```sh
cd controller/build
cmake ..
cd ../..
```
To make the overall compilation process easier, the project has a build.sh file in its root directory. After setting up CMake and installing all dependencies, running that script should build both programs and output them inside the out directory.
```sh
sh build.sh
```
After running the build.sh script, the out directory should contain two files:
- icewall.ko - the firewall itself
- wallctl - the icewall controller
To launch the icewall on your machine, you must load it into your kernel using the following command:
```sh
sudo insmod icewall.ko
```
After that the firewall is running and ready to receive new rules. `lsmod` should now list the icewall module; it stays loaded only until the next reboot or until it is removed with `rmmod`.
Rules are the parameters used to test network packets and decide whether they are dropped when they hit the icewall or allowed to continue to their destination.
The drop rule tells the icewall to drop any packet that matches its filter. The syntax of this rule is the following:
```
drop <incoming/outgoing> <[address]:[port]:[protocol]>
```
Description: drops the incoming or outgoing packets that match the filter. [ address | port | protocol ] are optional, but at least one is required.
Example:
```sh
wallctl drop incoming 192.168.1.107:8080
```
The accept rule tells the icewall to allow the passage of any packet that matches its filter. The syntax of this rule is the following:
```
accept <incoming/outgoing> <[address]:[port]:[protocol]>
```
Description: accepts the incoming or outgoing packets that match the filter. [ address | port | protocol ] are optional, but at least one is required.
Example:
```sh
wallctl accept outgoing 95.217.163.246:udp
```
A policy is the default action the icewall takes when a packet does not match any other rule. A strategic use of policies can simplify the firewall's rule set considerably.
```
default <incoming/outgoing> policy <accept/drop>
```
Description: sets the default policy of incoming or outgoing packets to accept or drop.
Example:
```sh
# Only allow loopback packets
wallctl default incoming policy drop
wallctl accept incoming 127.0.0.1
```
You can specify a subnet using CIDR notation.
```sh
drop incoming 192.168.1.0/24
```
The rule above drops incoming packets from addresses 192.168.1.0 to 192.168.1.255 (inclusive).
Ports can also be specified as ranges.
```sh
accept outgoing 8080-8085
```
The rule above accepts outgoing packets that target ports from 8080 to 8085 (inclusive).
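The filter syntax and matching described above (single address, CIDR subnet, single port, port range, transport protocol, and the default policy) modelled in user space, as an added example in C. This is illustrative code written for this page, not the icewall module's own implementation; the first-match rule ordering, the content-based recognition of each colon-separated filter field, and the function names (`parse_filter`, `decide`, `mkpacket`) are assumptions, and the rule set and packets in `main` are constructed sample data.

```c
/* Added example (not the icewall module's own code): a user-space model of the rule
 * matching the README describes. First-match ordering and recognising filter fields
 * by content are assumptions. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <stdint.h>
#include <stdbool.h>
#include <arpa/inet.h>

enum action { ACT_ACCEPT, ACT_DROP };
enum proto { PROTO_ANY = 0, PROTO_TCP = 6, PROTO_UDP = 17 }; /* IP protocol numbers */
struct packet { uint32_t addr; uint16_t port; int proto; };  /* addr in host byte order */
struct rule {
    enum action act;
    bool has_addr; uint32_t addr, mask;       /* "a.b.c.d" or "a.b.c.d/n" */
    bool has_port; uint16_t port_lo, port_hi; /* "p" or "lo-hi", inclusive */
    int proto;                                /* PROTO_ANY when not given */
};

/* "a.b.c.d[/n]" -> network address plus mask */
static bool parse_addr(char *field, struct rule *r)
{
    int prefix = 32; struct in_addr in;
    char *slash = strchr(field, '/');
    if (slash) { *slash = '\0'; prefix = atoi(slash + 1); }
    if (prefix < 0 || prefix > 32 || inet_pton(AF_INET, field, &in) != 1) return false;
    r->addr = ntohl(in.s_addr);
    r->mask = prefix == 0 ? 0 : 0xFFFFFFFFu << (32 - prefix);
    r->has_addr = true;
    return true;
}
/* "p" or "lo-hi"; rejects reversed or out-of-range ports */
static bool parse_port(const char *field, struct rule *r)
{
    char *end; long lo = strtol(field, &end, 10), hi = lo;
    if (*end == '-') hi = strtol(end + 1, &end, 10);
    if (*end != '\0' || lo < 1 || hi > 65535 || lo > hi) return false;
    r->port_lo = (uint16_t)lo; r->port_hi = (uint16_t)hi; r->has_port = true;
    return true;
}
/* Parse "[address]:[port]:[protocol]"; fields are recognised by content, so
 * both README forms "1.2.3.4:8080" and "1.2.3.4:udp" are accepted. */
bool parse_filter(const char *filter, enum action act, struct rule *r)
{
    char buf[64], *save = NULL; int fields = 0;
    memset(r, 0, sizeof *r); r->act = act;
    if (strlen(filter) >= sizeof buf) return false;
    strcpy(buf, filter);
    for (char *f = strtok_r(buf, ":", &save); f; f = strtok_r(NULL, ":", &save), fields++) {
        if (strchr(f, '.'))                    { if (!parse_addr(f, r)) return false; }
        else if (strcmp(f, "tcp") == 0)        r->proto = PROTO_TCP;
        else if (strcmp(f, "udp") == 0)        r->proto = PROTO_UDP;
        else if (isdigit((unsigned char)f[0])) { if (!parse_port(f, r)) return false; }
        else return false;
    }
    return fields > 0; /* at least one component is required */
}
static bool rule_matches(const struct rule *r, const struct packet *p)
{
    if (r->has_addr && (p->addr & r->mask) != (r->addr & r->mask)) return false;
    if (r->has_port && (p->port < r->port_lo || p->port > r->port_hi)) return false;
    return r->proto == PROTO_ANY || p->proto == r->proto;
}
/* The first matching rule decides; otherwise the default policy applies. */
enum action decide(const struct rule *rules, size_t n, enum action policy, const struct packet *p)
{
    for (size_t i = 0; i < n; i++)
        if (rule_matches(&rules[i], p)) return rules[i].act;
    return policy;
}
struct packet mkpacket(const char *ip, uint16_t port, int proto)
{
    struct in_addr in;
    struct packet p = { 0, port, proto };
    if (inet_pton(AF_INET, ip, &in) == 1) p.addr = ntohl(in.s_addr);
    return p;
}

int main(void)
{
    /* Constructed rule set: default drop, allow loopback, drop UDP from 192.168.1.0/24,
     * allow ports 8080-8085. */
    struct rule rules[3];
    parse_filter("127.0.0.1", ACT_ACCEPT, &rules[0]);
    parse_filter("192.168.1.0/24:udp", ACT_DROP, &rules[1]);
    parse_filter("8080-8085", ACT_ACCEPT, &rules[2]);
    struct packet samples[] = {
        mkpacket("127.0.0.1", 22, PROTO_TCP),      /* accept: loopback rule */
        mkpacket("192.168.1.42", 8081, PROTO_UDP), /* drop: subnet + udp rule */
        mkpacket("192.168.1.42", 8081, PROTO_TCP), /* accept: port range rule */
        mkpacket("10.0.0.5", 443, PROTO_TCP),      /* drop: default policy */
    };
    for (size_t i = 0; i < 4; i++)
        printf("packet %zu -> %s\n", i, decide(rules, 3, ACT_DROP, &samples[i]) == ACT_ACCEPT ? "accept" : "drop");
    return 0;
}
```

Build it with any C99 compiler on Linux (for instance `cc -o filtermodel filtermodel.c`, file name arbitrary) and run it; each constructed packet is printed with the decision the model reaches. The parser rejects malformed filters (an invalid address, a prefix above 32, a reversed port range, or an empty filter) instead of silently installing a rule that matches nothing, which is the failure mode to watch for when a firewall front-end accepts free-form text.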
You can list the active rules and also check the default policy by running the following command:
```sh
wallctl list <incoming/outgoing>
```
You can also remove a rule using the ID shown by the list command:
```sh
wallctl rm <incoming/outgoing> <id>
```