A eBPF based firewall to block traffic using the Country or the ASN
| geofw | ||
| geofw-common | ||
| geofw-ebpf | ||
| .gitignore | ||
| Cargo.lock | ||
| Cargo.toml | ||
| config.json | ||
| README.md | ||
| run.sh | ||
| rustfmt.toml | ||
geofw
Prerequisites
- stable rust toolchains:
rustup toolchain install stable - nightly rust toolchains:
rustup toolchain install nightly --component rust-src - (if cross-compiling) rustup target:
rustup target add ${ARCH}-unknown-linux-musl - (if cross-compiling) LLVM: (e.g.)
brew install llvm(on macOS) - (if cross-compiling) C toolchain: (e.g.)
brew install filosottile/musl-cross/musl-cross(on macOS) - bpf-linker:
cargo install bpf-linker(--no-default-featureson macOS)
Build & Run
Use cargo build, cargo check, etc. as normal. Run your program with:
cargo run --release --config 'target."cfg(all())".runner="sudo -E"'
Cargo build scripts are used to automatically build the eBPF correctly and include it in the program.
Cross-compiling on macOS
Cross compilation should work on both Intel and Apple Silicon Macs.
CC=${ARCH}-linux-musl-gcc cargo build --package geofw --release \
--target=${ARCH}-unknown-linux-musl \
--config=target.${ARCH}-unknown-linux-musl.linker=\"${ARCH}-linux-musl-gcc\"
The cross-compiled program target/${ARCH}-unknown-linux-musl/release/geofw can be
copied to a Linux server or VM and run there.