A high-performance firewall for real-time network traffic filtering.
Pitch

Meds is an efficient firewall system crafted in Go, leveraging Linux Netfilter through NFQUEUE to scrutinize inbound traffic. Designed to optimize your network security, it blocks malicious and unwanted data in real-time, ensuring a smoother and safer online experience.

Description

Meds is an advanced, high-performance firewall system developed in Go, designed to enhance network security by efficiently filtering inbound traffic. By leveraging Linux Netfilter via NFQUEUE, Meds inspects and processes traffic in user space, allowing for real-time identification and blocking of malicious or undesired activities.

Key Features:

  • NFQUEUE-based Packet Interception: Effectively captures inbound packets with minimal performance impact by utilizing Linux Netfilter queues.
  • Fast Packet Parsing: Employs gopacket for efficient traffic analysis, ensuring rapid processing of packets.
  • Lock-free Architecture: Implements a non-blocking core, allowing for high concurrency with atomic operations instead of mutexes.
  • Robust Filtering Mechanisms: Includes IP and Domain blacklists from reputable sources like FireHOL, Spamhaus DROP, and others, facilitating automatic blocking of harmful IPs.
  • TLS SNI & JA3 Filtering: Capable of inspecting TLS ClientHello data to filter based on SNI and JA3 fingerprints, enabling the detection of malicious TLS clients before handshakes complete.
  • Dynamic Rate Limiting: Utilizes a token bucket algorithm to limit traffic rates per IP, safeguarding against various flood attacks (e.g., SYN, DNS).
  • RESTful API for Configuration: An integrated HTTP API, powered by Gin, allows for real-time management of whitelists and blacklists, secured with Basic Auth.
  • Prometheus Metrics Export: Metrics are made available for observability, including counts of processed, dropped, and accepted packets, facilitating integration with monitoring tools.
  • Asynchronous Logging: Implements zerolog for efficient, low-latency logging to minimize any processing delays.
  • Extensible Design: Modular architecture allows for easy addition of new filtering features like GeoIP or ASN filtering.
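
The per-IP token bucket from the "Dynamic Rate Limiting" item, written with the atomics-only approach of the "Lock-free Architecture" item, as an added Go example (not Meds's own code). The Limiter type, its parameters and the sample addresses are assumptions made for illustration; each bucket is stored as a single timestamp so that one compare-and-swap can update it.

```go
package main

import (
	"fmt"
	"net/netip"
	"sync"
	"sync/atomic"
	"time"
)

// bucket holds the time (ns) at which it would be full again; later = emptier.
type bucket struct{ fullAt atomic.Int64 }
// Limiter keeps one bucket per source IP (hypothetical type, not Meds's own).
type Limiter struct {
	perToken, window int64    // ns to refill one token / an empty bucket
	buckets          sync.Map // netip.Addr -> *bucket
}
func NewLimiter(ratePerSec, burst int64) *Limiter {
	per := int64(time.Second) / ratePerSec
	return &Limiter{perToken: per, window: per * burst}
}

// Allow takes one token for ip at time now, or returns false (drop verdict).
func (l *Limiter) Allow(ip netip.Addr, now time.Time) bool {
	v, _ := l.buckets.LoadOrStore(ip, new(bucket)) // zero value = full bucket
	b, n := v.(*bucket), now.UnixNano()
	for { // CAS loop: retries only when another goroutine won the update
		old := b.fullAt.Load()
		next := old + l.perToken
		if old < n { // bucket had refilled completely before this packet
			next = n + l.perToken
		}
		if next-n > l.window {
			return false // no token left: source is over its rate
		}
		if b.fullAt.CompareAndSwap(old, next) {
			return true
		}
	}
}
// Constructed sample sources from the documentation address ranges.
var flooder, normal = netip.MustParseAddr("198.51.100.7"), netip.MustParseAddr("203.0.113.9")
func main() {
	l, t0 := NewLimiter(10, 3), time.Unix(1700000000, 0) // 10 pkt/s, burst 3
	for i := 0; i < 5; i++ { // five packets arriving in the same instant
		fmt.Println(flooder, l.Allow(flooder, t0))
	}
	fmt.Println(normal, l.Allow(normal, t0))
}
```

Every new source address adds a map entry, so a limiter like this also needs to evict idle buckets to stay bounded under a flood from many sources.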

How It Works:

Meds intercepts all inbound packets through a Netfilter rule, classifies each one via a series of filters, and accepts or drops it based on established criteria. Every inbound packet therefore receives an explicit verdict before it is passed on.

Example Commands:

Check whether an IP is in the whitelist:

curl -u admin:mypass -X GET http://localhost:8000/v1/whitelist/subnets/200.168.0.1

Add a subnet to the whitelist:

curl -u admin:mypass -X POST http://localhost:8000/v1/whitelist/subnets \
  -d '{"subnets": ["200.168.0.0/16"]}'

Through its effective combination of features, Meds significantly enhances network security, ensuring safe operation against an array of potential cyber threats.
