Skip to content

ZephyrCodesStuff/wireveil

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
src
src
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
wireveil.toml.example
wireveil.toml.example
 
 

Repository files navigation

🕸️ wireveil

Wireveil is a firewall designed for A/D CTF competitions. It selectively blocks packets based on configurable regular expressions, providing a flexible and efficient way to enforce network security policies.

✨ Features

  • Regex-based Packet Filtering: Define custom regex patterns to block specific packet contents.
  • Service-specific Rules: Configure rules for individual services running on different ports.
  • NFQueue Integration: Uses Linux's NFQueue for packet inspection and verdicts.
  • Logging and Tracing: Provides detailed logs for blocked packets and system events.
  • Low-level NFT Setup: Uses low level NFT FFI bindings for C to interact with nftables safely.
  • Multiple Instances: Each Wireveil instance is separated by design, so you can run multiple without conflicts.

📦️ Installation

  1. Clone the repository:

    git clone https://github.com/ZephyrCodesStuff/wireveil.git
cd wireveil

  2. Install dependencies:

    • Ensure you have Rust installed. If not, install it from rustup.rs.
    • Install the required libraries for libnfnetlink and libnetfilter_queue: 
      sudo apt-get install libnfnetlink-dev libnetfilter-queue-dev

  3. Build the project:

    cargo build --release

🔧 Configuration

WireVeil uses a wireveil.toml configuration file to define services and their respective rules. An example configuration file is provided as wireveil.toml.example.

🍱 Example Configuration

[services]

[services.vuln_http_service]
port = 8080
block = [
    "[A-Z0-9]{31}=",
    "flag{[a-zA-Z0-9]+}",
]

[services.vuln_tcp_service]
port = 3000
block = ["[A-Z0-9]{31}="]
  • port: The port number the service listens on.
  • block: A list of regex patterns to block packets matching these patterns.

Rename wireveil.toml.example to wireveil.toml and modify it as needed:

mv wireveil.toml.example wireveil.toml

⚡️ Usage

  1. Run the application:

    sudo ./target/release/wireveil

  2. The application will:

    • Load the configuration file.
    • Set up iptables rules to redirect packets to NFQueue.
    • Start processing packets based on the defined rules.

  3. To stop the application, press Ctrl+C. The iptables rules will be cleaned up automatically.

🔨 Troubleshooting

iptables: Bad rule (does a matching rule exist in that chain?)

Your system might not be running the nftables backend.

sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

✏️ Logging

WireVeil uses the tracing crate for logging. You can configure the log level using the RUST_LOG environment variable. For example:

RUST_LOG=debug sudo ./target/release/wireveil

📝 Contributing

Contributions are welcome! Feel free to open issues or submit pull requests on the GitHub repository.

📄 License

This project is licensed under the MIT License. See the LICENSE file for details.

❤️ Acknowledgments

  • Built with Rust and powered by NFQueue.
  • Inspired by Firegex
  • Using Mullvad's awesome nftnl-rs bindings for NFT.
  • Implemented serpilliere's fix for the nfqueue-rs library

About

A firewall for A/D CTF competitions, to selectively block packets based on regular expressions.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

🔖 v1.0.0: Initial release! Latest
May 13, 2025

Packages

No packages published

Languages