Vulcan Guard is a comprehensive network management tool designed to mitigate DDOS attacks
Vulcan Guard is a network management tool designed to test network security and performance. It combines a rate limiter, an eBPF-based XDP (Express Data Path) packet filter, and a load balancer with multiple algorithm support to provide a working firewall solution :D.
Rate Limiter:
eBPF-based XDP Packet Filter:
Load Balancer:
Round Robin Algorithm:
Least Connection Algorithm:
IP Tracking and Analysis:
libbpf
library installed.GCC
or Clang
compiler.Go
version 1.22.0
or higherClone the repository:
git clone https://github.com/yourusername/suboptimal-Firewall.git
cd suboptimal-Firewall
Build the project:
go build
Add the binary to the global scope
#If using zsh
nano ~/.zshrc
#if using bash
nano ~/.bashrc
and add the path to the binary using
export PATH="$PATH:/complete_path_to_cloned_repo/Suboptimal-firewall"
Run the firewall:
sudo Firewall
Stopping The firewall:
Ctrl+C
Add a list of backend servers or URLs for Loadbalancing in https://github.com/Aditya1404Sal/Suboptimal-firewall/blob/6336a34363dd23fe10c6f9a3aa0cedbd51a6c73a/main.go#L88
Modify the eBPF filtering rules in PacketFilter/pkfilter.c
file according to your usage (Optional) :
SEC("xdp")
int xdp_filter(struct xdp_md *ctx) {
// Custom filtering logic
return XDP_PASS;
}
To start the firewall with default settings:
sudo Firewall
Logs are stored in the root /
directory. Monitor the firewall status and performance:
tail -f Firewall.log
WARNING: Vulcan-Guard is Underdeveloped
This project is currently NOT SUITABLE for production environments. It is intended purely for learning and educational purposes . The current version lacks extensive testing, which can lead to security vulnerabilities, performance issues, and other critical problems.
Use at Your Own Risk
The creator of this tool will not be held liable for any damages or negative outcomes resulting from its use. By using this tool, you acknowledge the potential risks and agree that the responsibility for any issues lies solely with you.
Future Development Needed
Further work is required to make this project a stable and reliable tool. Contributions and feedback are warmly welcomed to help improve its functionality and security.
I welcome contributions to improve suboptimal-Firewall. Please follow these steps to contribute:
git checkout -b feature-branch
.git commit -m 'Add new feature'
.git push origin feature-branch
.The eBPF-based XDP Packet Filter implementation in this project is inspired by the article "Simple XDP Firewall with Golang" by Hasan Behbahani. This article provided a solid foundation upon which I built the dynamic channel-based IP management system, enabling real-time IP blacklisting and automatic unblocking of temporarily blocked IPs.