hetoke/eBPF-Firewall

eBPF Firewall (XDP)

A simple high-performance firewall built with eBPF/XDP for Linux. The program attaches at the NIC ingress (XDP hook) to filter packets before they reach the kernel networking stack.

Requirements

  • Linux kernel 5.8+ (XDP + CO-RE recommended)
  • Root privileges
  • clang / LLVM
  • libbpf

Install Dependencies (Ubuntu / Debian)

$ sudo apt update
$ sudo apt install -y \
    clang \
    llvm \
    libbpf-dev \
    linux-headers-$(uname -r) \
    build-essential \
    pkg-config \
    bpftool

Other distros: install the equivalent clang, libbpf, bpftool, and kernel header packages.

Generate vmlinux.h

vmlinux.h is required for BPF CO-RE.

$ bpftool btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.h

Build BPF Object (.bpf.o)

$ clang -O2 -g -target bpf \
    -D__TARGET_ARCH_x86 \
    -c firewall.bpf.c \
    -o firewall.bpf.o

Change -D__TARGET_ARCH_x86 to match the target architecture if needed (e.g. -D__TARGET_ARCH_arm64).

Build User-Space Loader

$ gcc -o firewall firewall.c -lbpf

Run

$ sudo ./firewall 

Notes

  • Uses XDP for early packet filtering
  • Inbound filtering only (can be extended to egress / tc); the IPs to block are read from ip.txt and inserted into the filter
  • Tested on Kali / Ubuntu
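
The blocklist behaviour noted above, as an added example that is not part of this repository's code: a user-space C model of the per-packet decision an XDP program makes, with the bounds checks the BPF verifier requires before each header read. It assumes ip.txt holds one IPv4 address per line (the page does not show the format); all function names are hypothetical.

```c
/* Added example (hypothetical names). Assumes one IPv4 address per blocklist line. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum verdict { V_DROP = 1, V_PASS = 2 };   /* same values as XDP_DROP / XDP_PASS */
#define MAX_BLOCKED 64
static uint32_t blocked[MAX_BLOCKED];      /* stands in for the BPF hash map */
static int n_blocked;

/* Parse one blocklist line; returns 1 if an address was added, 0 if skipped. */
int add_line(const char *line) {
    char buf[INET_ADDRSTRLEN];
    struct in_addr a;
    size_t len = strcspn(line, " \t\r\n#");            /* cut at comment / newline */
    if (len == 0 || len >= sizeof buf || n_blocked == MAX_BLOCKED) return 0;
    memcpy(buf, line, len); buf[len] = '\0';
    if (inet_pton(AF_INET, buf, &a) != 1) return 0;    /* reject malformed entries */
    blocked[n_blocked++] = a.s_addr;                   /* network byte order, like iphdr.saddr */
    return 1;
}

/* Check bounds before every read, as the verifier demands for data/data_end. */
int filter(const uint8_t *data, const uint8_t *data_end) {
    if (data_end - data < 14) return V_PASS;                  /* short Ethernet header */
    if (data[12] != 0x08 || data[13] != 0x00) return V_PASS;  /* EtherType is not IPv4 */
    const uint8_t *ip = data + 14;
    if (data_end - ip < 20) return V_PASS;                    /* truncated IPv4 header */
    uint32_t saddr; memcpy(&saddr, ip + 12, 4);               /* source address field */
    for (int i = 0; i < n_blocked; i++)
        if (blocked[i] == saddr) return V_DROP;
    return V_PASS;
}

/* Build a constructed 34-byte Ethernet + IPv4 frame with the given source address. */
size_t make_frame(uint8_t *buf, const char *src) {
    memset(buf, 0, 34);
    buf[12] = 0x08; buf[13] = 0x00;     /* EtherType IPv4 */
    buf[14] = 0x45;                     /* version 4, IHL 5 */
    inet_pton(AF_INET, src, buf + 26);  /* saddr sits at offset 14 + 12 */
    return 34;
}

int main(void) {
    const char *lines[] = { "# constructed sample\n", "203.0.113.7\n", "not-an-ip\n" };
    uint8_t pkt[64];
    for (size_t i = 0; i < sizeof lines / sizeof *lines; i++) add_line(lines[i]);
    printf("listed src   -> %d\n", filter(pkt, pkt + make_frame(pkt, "203.0.113.7")));
    printf("unlisted src -> %d\n", filter(pkt, pkt + make_frame(pkt, "192.0.2.1")));
}
```

In this model, frames that are too short to parse or are not IPv4 are passed on to the kernel stack rather than dropped; a stricter policy would return the drop verdict there instead.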

Clean Up

Detach the XDP program if needed (replace eth0 with the interface it is attached to):

$ sudo ip link set dev eth0 xdp off
