Durdur is a CLI tool for Linux implementing L3/L4 packet dropping with eBPF/Go.
Durdur is easy to use with these commands: `attach`, `detach`, `drop`, `undrop`, and `list`.
All commands should be run with root privileges.
`attach` installs Durdur on the system for a specific interface.
durdur attach --interface eth0
`detach` uninstalls Durdur from the system.
durdur detach
`drop` and `undrop` check all (ingress) L3 and L4 packets in the system and either block or allow them.
Both commands support the following flags:
- `src` for the source address value of an IPv4 packet.
- `dns` for the domain value of a DNS packet.
Example usage for `drop`:
durdur drop --src "192.0.1.1"
durdur drop --dns "example.com"
Example usage for `undrop`:
durdur undrop --src "192.0.1.1"
durdur undrop --dns "example.com"
`list` writes all entries of the maps to stdout. It has 3 subcommands: `src`, `dns`, and `all`.
Example usage for `list`:
durdur list src
durdur list dns
durdur list all
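The following added example, which is not code from the Durdur project, turns a blocklist into one `durdur drop` call per entry and refuses entries that the `--src` and `--dns` flags above do not describe. The function names and sample entries are assumptions made for this example; refusing wildcard names and IPv6 addresses assumes the feature list at the end of this page names capabilities that are not available yet.

```shell
#!/bin/sh
# Added example (not from the Durdur project): dry-run blocklist loader.
# is_ipv4, is_domain, blocklist_to_cmds, sample_blocklist are hypothetical names.

# True if $1 is a dotted-quad IPv4 address, each octet 0..255, no leading zeros
# (parsers disagree on whether a leading zero means octal).
is_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in 0?*|????*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
}

# True if $1 is a literal DNS name: letters, digits, hyphens and dots only,
# so wildcards and IPv6 literals are refused; an all-numeric last label is
# treated as a malformed IPv4 address rather than a domain.
is_domain() {
  [ ${#1} -le 253 ] || return 1
  case $1 in ''|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;; esac
  case ${1##*.} in *[!0-9]*) return 0 ;; *) return 1 ;; esac
}

# Read blocklist lines on stdin. Print one durdur command per valid entry on
# stdout and a "skip:" diagnostic on stderr for anything else.
blocklist_to_cmds() {
  while IFS= read -r line || [ -n "$line" ]; do
    entry=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')  # drop comment, spaces
    [ -n "$entry" ] || continue
    if is_ipv4 "$entry"; then printf 'durdur drop --src "%s"\n' "$entry"
    elif is_domain "$entry"; then printf 'durdur drop --dns "%s"\n' "$entry"
    else printf 'skip: %s\n' "$entry" >&2
    fi
  done
}

# Constructed sample input (documentation addresses and names).
sample_blocklist() {
  printf '%s\n' '# constructed sample' '192.0.2.10  # scanner' 'example.com' \
    '999.1.1.1' '*.example.org' '2001:db8::1' '192.0.2.010'
}

sample_blocklist | blocklist_to_cmds
```

The script only prints commands; review the output, then run the printed lines with root privileges.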
Build and use the `build/durdur` binary.
make build
Build the image.
make build-docker
Run the container with privileges.
Example usage:
docker run --rm -i -t --net="host" --privileged -v /sys/fs/bpf:/sys/fs/bpf durdur -- attach -i eth0
docker run --rm -i -t --net="host" --privileged -v /sys/fs/bpf:/sys/fs/bpf durdur -- drop --dns "example"
PS: You don't need to use `--net="host"` if you don't want to access the host's interfaces.
- Egress support.
- Wildcard support to DNS.
- IPv6 support.
- Multiple interfaces support.
- Port support.
GPL-3.0 license,
Copyright 2022-2024 Bora Tanrikulu <[email protected]>