dnx firewall
DNX Firewall is an optimized, high-performance collection of applications and services that converts a standard Linux system into a zone-based next-generation firewall. All of the software is designed to run together, but because of the modular design individual components can be removed completely with little effort. The primary security modules have DIRECT/INLINE control over every connection, stream and message that goes through the system. That said, depending on the protocol, offloading to lower-level control is used to maintain the highest possible throughput with full inspection enabled. A custom IPTables chain lets the administrator look into the packet flow without being able to accidentally override the dnx security modules. A low-level “architecture, system design” video will be created at some point to show how this is possible with pure Python.
Included Features
- DNS Proxy
  - category-based blocking (general, TLD, substring matching)
  - user-added whitelist/blacklist or custom general category creation
  - native DNS over TLS conversion with optional UDP fallback
  - local DNS server
  - software failover
  - 2-level record caching
- IP Proxy (transparent), bi-directional
  - reputation-based host filtering
  - geolocation filter
  - LAN restriction (disables internet access from the LAN for all IPs not whitelisted)
- IPS/IDS (WAN/inbound)
  - denial of service detection/prevention
  - port scan detection/prevention
- Lightweight DHCP Server (custom)
  - IP reservations
  - security alert integration
- General Services
  - log handling
  - database management
  - Syslog client (UDP, TCP, TLS). IMPORTANT: currently in a beta/unstable state; this service is not enabled by default and must be enabled explicitly before it will start on system boot.
- Additional Features
  - IPv6 disabled
  - prebuilt iptables rules
  - DNS over HTTPS blocked (DNS bypass prevention)
  - DNS over TCP blocked (DNS bypass prevention)
  - DNS over TLS blocked (DNS bypass prevention)
  - all inbound connections to the WAN DROPPED by default
  - IPTables custom chain for an admin hook into the packet flow
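As an added illustration of the DNS Proxy features listed above (user whitelist/blacklist plus general, TLD and substring category matching), here is example code written for this page, not DNX Firewall's own implementation: the class and field names, the precedence order (whitelist over blacklist over TLD over categories over substrings) and the sample lists are all assumptions constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class DnsFilterPolicy:
    """Allow/block decision for one queried name, with the precedence a DNS proxy needs:
    user whitelist > user blacklist > blocked TLD > enabled categories > substring rules."""
    categories: dict = field(default_factory=dict)        # category -> set of blocked domains
    enabled_categories: set = field(default_factory=set)  # categories the admin switched on
    blocked_tlds: set = field(default_factory=set)        # e.g. {"zip"}
    substrings: set = field(default_factory=set)          # blocked if found anywhere in the name
    whitelist: set = field(default_factory=set)           # user exceptions, win over everything
    blacklist: set = field(default_factory=set)           # user blocks, checked before categories

    @staticmethod
    def _domain_match(qname, domains):
        # A listed domain covers itself and every subdomain:
        # a.b.example.com is checked as a.b.example.com, b.example.com, example.com, com
        labels = qname.split(".")
        return any(".".join(labels[i:]) in domains for i in range(len(labels)))

    def decide(self, qname):
        """Return (allow, reason) for a query name; trailing dot and case are normalised."""
        qname = qname.rstrip(".").lower()
        if self._domain_match(qname, self.whitelist):
            return True, "whitelist"
        if self._domain_match(qname, self.blacklist):
            return False, "blacklist"
        if qname.rsplit(".", 1)[-1] in self.blocked_tlds:
            return False, "tld"
        for cat in sorted(self.enabled_categories):
            if self._domain_match(qname, self.categories.get(cat, set())):
                return False, "category:" + cat
        for sub in sorted(self.substrings):
            if sub in qname:
                return False, "substring:" + sub
        return True, "no match"


# Constructed sample policy (hypothetical names, not real block lists).
SAMPLE_POLICY = DnsFilterPolicy(
    categories={"ads": {"ads.example.net", "tracker.example"}, "malware": {"bad.example.org"}},
    enabled_categories={"ads", "malware"},
    blocked_tlds={"zip"},
    substrings={"xxx"},
    whitelist={"allowed.ads.example.net"},
    blacklist={"blocked.example.com"},
)

if __name__ == "__main__":
    for name in ["cdn.ads.example.net", "allowed.ads.example.net", "file.zip", "site.example.com"]:
        print(name, SAMPLE_POLICY.decide(name))
```

Because a listed domain covers all of its subdomains, a whitelist entry for one host is the only way to carve an exception out of a category that blocks its parent.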
Download & Use
Copyright (C) 2020 DOWRIGHTTV