XDP SYNPROXY rules need to be first in the filter table INPUT user defined chain and the raw table PREROUTING user defined chain.

To list the custom chain evaluation order, for example:

iptables -L INPUT --line-numbers
Chain INPUT (policy DROP)
num  target           prot  opt  source    destination
1    INSYNPROXY       all   --   anywhere  anywhere
2    IPSBYPASS        all   --   anywhere  anywhere     mark match 0xc0000000/0xc0000000
3    BADTCP           tcp   --   anywhere  anywhere
4    CUSTOMINPUT      all   --   anywhere  anywhere
5    HOSTILE          all   --   anywhere  anywhere
6    BLOCKLISTIN      !icmp --   anywhere  anywhere
7    GUARDIAN         all   --   anywhere  anywhere
8    OVPNBLOCK        all   --   anywhere  anywhere
9    IPS_INPUT        all   --   anywhere  anywhere     mark match 0x0/0xc0000000
10   IPTVINPUT        all   --   anywhere  anywhere
11   ICMPINPUT        all   --   anywhere  anywhere
12   LOOPBACK         all   --   anywhere  anywhere
13   CAPTIVE_PORTAL   all   --   anywhere  anywhere
14   CONNTRACK        all   --   anywhere  anywhere
15   DHCPGREENINPUT   all   --   anywhere  anywhere
16   TOR_INPUT        all   --   anywhere  anywhere
17   LOCATIONBLOCK    all   --   anywhere  anywhere
18   IPSECINPUT       all   --   anywhere  anywhere
19   GUIINPUT         all   --   anywhere  anywhere
20   WIRELESSINPUT    all   --   anywhere  anywhere     ctstate NEW
21   OVPNINPUT        all   --   anywhere  anywhere
22   INPUTFW          all   --   anywhere  anywhere
23   REDINPUT         all   --   anywhere  anywhere
24   POLICYIN         all   --   anywhere  anywhere

iptables -t raw -L PREROUTING --line-numbers
Chain PREROUTING (policy ACCEPT)
num  target           prot  opt  source    destination
1    RAWSYNPROXY      all   --   anywhere  anywhere

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
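One way to check the ordering requirement from the commit message above is sketched below as an added example; it is not part of the FireBeeOS source. The function names are hypothetical, and the sample listings are constructed in the format of the `iptables -L ... --line-numbers` output shown in the commit message.

```shell
#!/bin/sh
# Added example: confirm the SYNPROXY chains are rule 1 in their parent chains.

# Print the rule number at which target $1 appears in an
# `iptables -L <chain> --line-numbers` listing read from stdin (empty if absent).
rule_position() {
    awk -v t="$1" '$1 ~ /^[0-9]+$/ && $2 == t { print $1; exit }'
}

# Succeed only if target $1 is rule number 1 in the listing on stdin.
is_first() {
    pos=$(rule_position "$1")
    if [ "$pos" = "1" ]; then
        return 0
    fi
    echo "FAIL: $1 is at position '${pos:-absent}', expected 1" >&2
    return 1
}

# Check the running firewall (needs root). Not called automatically.
verify_live() {
    iptables -n -L INPUT --line-numbers | is_first INSYNPROXY &&
    iptables -n -t raw -L PREROUTING --line-numbers | is_first RAWSYNPROXY
}

# Constructed sample: the order the commit message requires (truncated).
GOOD_INPUT='Chain INPUT (policy DROP)
num  target      prot opt source    destination
1    INSYNPROXY  all  --  anywhere  anywhere
2    IPSBYPASS   all  --  anywhere  anywhere  mark match 0xc0000000/0xc0000000
3    BADTCP      tcp  --  anywhere  anywhere'

# Constructed sample: a misordered chain where INSYNPROXY is evaluated too late.
BAD_INPUT='Chain INPUT (policy DROP)
num  target      prot opt source    destination
1    IPSBYPASS   all  --  anywhere  anywhere  mark match 0xc0000000/0xc0000000
2    BADTCP      tcp  --  anywhere  anywhere
3    INSYNPROXY  all  --  anywhere  anywhere'

# Constructed sample: raw table PREROUTING as shown in the commit message.
GOOD_RAW='Chain PREROUTING (policy ACCEPT)
num  target       prot opt source    destination
1    RAWSYNPROXY  all  --  anywhere  anywhere'
```

Running `verify_live` as root after a firewall reload reports on stderr which chain is out of position, or that it is absent.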
FireBeeOS - The Open Source Firewall
What is FireBeeOS?
FireBeeOS is a fork of IPFire 2.x, a hardened, versatile, state-of-the-art Open Source firewall based on Linux. FireBeeOS extends IPFire 2.x with kernel eBPF support, allowing packet filtering at the kernel XDP/TC hooks, which can bypass the Linux iptables packet filtering to speed up packet processing. Its ease of use, high performance in any scenario and extensibility make it usable for everyone. IPFire has a full list of features; have a look here.
This repository contains the source code of FireBeeOS, which is used to build the whole distribution from scratch, since FireBeeOS is based on IPFire, which is not based on any other distribution.
Where can I get FireBeeOS?
Just head over to http://www.99os.org/download
How do I use this software?
We will have documentation on how to use the FireBeeOS eBPF features. IPFire has a long and detailed wiki located here, which should answer most of your questions about IPFire.
But I have some questions left. Where can I get support?
You can ask your question by opening a GitHub issue or discussion. If your question is IPFire related, you can ask it at the IPFire community located here.