Skip to content
/ ipblock Public

IP-Block is an IP firewall implemented using XDP.

10 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cppcoffee/ipblock

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
.github/workflows
.github/workflows
 
 
libbpf @ fbd60db
libbpf @ fbd60db
 
 
src
src
 
 
.clang-format
.clang-format
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

Description

IP-Block is an XDP program, that is an IP firewall. use rules to allow/deny access to a range of IP addresses.

Block ip behavior use XDP package drop.

Build

$ git submodule init
$ git submodule update
$ make

After compilation, two executable programs are generated:

  • src/ipblock-loader is XDP loader, which is used to load and unload XDP program.
  • src/ipblock-rule is used to control the add and remove of rules.

Usage

ipblock-loader

Attach XDP program

attach the ipblock XDP program on the eth2

# ./ipblock-loader -d eth2
Detach XDP program

detach the XDP program for the eth2

# ./ipblock-loader -d eth2 -u

ipblock-rule

Insert rules

droping IP packets for the ::ffff:c612:13/128

$ ./ipblock-rule -a ::ffff:c612:13/128 -p deny

allow IP packets for the 192.168.31.0/24

$ ./ipblock-rule -a 192.168.31.0/24 -p allow
Delete rules
$ ./ipblock-rule -d ::ffff:c612:13/128
$ ./ipblock-rule -d 192.168.31.0/24

List rules

$ ./ipblock-rule -l

Reference

BPF and XDP Reference Guide

github libbpf

BPF Portability and CO-RE

About

IP-Block is an IP firewall implemented using XDP.

Resources

Readme
Activity

Stars

10 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 1

v1.0.0 Latest
Apr 26, 2023

Packages

No packages published

Languages