Implement XDP firewall with real-time TUI monitoring
Features: - High-performance packet filtering via eBPF/XDP - Instant blocklist with dynamic CLI management - Exact-match rules with Drop/Pass/Log actions - CIDR-based IP range dropping via LPM trie - Token-bucket rate limiting (IP-based and flow-based) - Auto temp bans for rate limit violators - Real-time event logging via BPF ring buffer - Interactive TUI monitor with live stats Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
9
xtask/Cargo.toml
Normal file
9
xtask/Cargo.toml
Normal file
@@ -0,0 +1,9 @@
|
||||
[package]
|
||||
name = "xtask"
|
||||
version = "0.1.0"
|
||||
edition = "2021"
|
||||
|
||||
[dependencies]
|
||||
anyhow = "1.0"
|
||||
duct = "0.13"
|
||||
clap = { version = "4.5", features = ["derive"] }
|
||||
51
xtask/src/main.rs
Normal file
51
xtask/src/main.rs
Normal file
@@ -0,0 +1,51 @@
|
||||
use std::{path::PathBuf, process::Command};
|
||||
|
||||
use clap::{Parser, Subcommand};
|
||||
|
||||
#[derive(Parser)]
|
||||
#[command(about = "Build helpers for xdp-firewall")]
|
||||
struct Cli {
|
||||
#[command(subcommand)]
|
||||
command: Commands,
|
||||
}
|
||||
|
||||
#[derive(Subcommand)]
|
||||
enum Commands {
|
||||
BuildEbpf,
|
||||
}
|
||||
|
||||
fn main() -> anyhow::Result<()> {
|
||||
let cli = Cli::parse();
|
||||
match cli.command {
|
||||
Commands::BuildEbpf => build_ebpf(),
|
||||
}
|
||||
}
|
||||
|
||||
fn build_ebpf() -> anyhow::Result<()> {
|
||||
let root = PathBuf::from(env!("CARGO_MANIFEST_DIR")).parent().unwrap().to_path_buf();
|
||||
let ebpf_dir = root.join("xdp-firewall-ebpf");
|
||||
let target_dir = root.join("target");
|
||||
|
||||
let status = Command::new("rustup")
|
||||
.args([
|
||||
"run",
|
||||
"nightly",
|
||||
"cargo",
|
||||
"build",
|
||||
"-Zbuild-std=core",
|
||||
"--package",
|
||||
"xdp-firewall-ebpf",
|
||||
"--target",
|
||||
"bpfel-unknown-none",
|
||||
"--release",
|
||||
])
|
||||
.current_dir(&ebpf_dir)
|
||||
.env("CARGO_TARGET_DIR", &target_dir)
|
||||
.status()?;
|
||||
|
||||
if !status.success() {
|
||||
anyhow::bail!("eBPF build failed");
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
Reference in New Issue
Block a user