OpenGFW: flexible, open-source implementation of Great Firewall on Linux
OpenGFW
OpenGFW is a flexible, easy-to-use, open-source implementation of GFW on Linux that’s in many ways more powerful than the real thing. It’s cyber sovereignty you can have on a home router.
Features
- Full IP/TCP reassembly, various protocol analyzers
  - HTTP, TLS, DNS, SSH, SOCKS4/5, and many more to come
  - “Fully encrypted traffic” detection for Shadowsocks, etc. (https://gfw.report/publications/usenixsecurity23/data/paper/paper.pdf)
  - Trojan (proxy protocol) detection based on Trojan-killer (https://github.com/XTLS/Trojan-killer)
  - [WIP] Machine learning-based traffic classification
- Full IPv4 and IPv6 support
- Flow-based multi-core load balancing
- Connection offloading
- Powerful rule engine based on expr
- Flexible analyzer & modifier framework
- Extensible IO implementation (only NFQueue for now)
- [WIP] Web UI
Use cases
- Ad blocking
- Parental control
- Malware protection
- Abuse prevention for VPN/proxy services
- Traffic analysis (log-only mode)
Supported actions
- allow: Allow the connection, no further processing.
- block: Block the connection, no further processing.
- drop: For UDP, drop the packet that triggered the rule, and continue processing future packets in the same flow. For TCP, the same as block.
- modify: For UDP, modify the packet that triggered the rule using the given modifier, and continue processing future packets in the same flow. For TCP, the same as allow.
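The difference between these actions is easiest to see on a sequence of packets in one flow. The Go sketch below is an added example, not OpenGFW's own code: the `Flow` type, the `Handle` and `Run` functions and the outcome strings are hypothetical, and it assumes that a packet matching no rule is forwarded while inspection of the flow continues.

```go
package main

import "fmt"

// Action is one of the four rule actions; "" means no rule matched the packet.
type Action string
const Allow, Block, Drop, Modify Action = "allow", "block", "drop", "modify"

// Flow is hypothetical per-connection state for this sketch.
type Flow struct {
	TCP   bool
	final string // set once allow/block has ended rule processing
}

// Handle returns the outcome for one packet given the action it triggered.
func (f *Flow) Handle(a Action) string {
	if f.final != "" {
		return f.final // "no further processing": the verdict sticks to the flow
	}
	if f.TCP && a == Drop { // TCP has no per-packet actions
		a = Block
	} else if f.TCP && a == Modify {
		a = Allow
	}
	switch a {
	case Allow:
		f.final = "pass"
	case Block:
		f.final = "blocked"
	case Drop:
		return "dropped" // UDP: only this packet is lost
	case Modify:
		return "modified" // UDP: only this packet is rewritten
	default:
		return "pass" // assumption: unmatched packets are forwarded
	}
	return f.final
}

// Run feeds a sequence of per-packet rule matches through one flow.
func Run(tcp bool, seq []Action) (out []string) {
	f := &Flow{TCP: tcp}
	for _, a := range seq {
		out = append(out, f.Handle(a))
	}
	return out
}

func main() { fmt.Println(Run(false, []Action{"", Drop, "", Block, ""})) }
```

On the constructed sequence in `main`, a UDP flow loses only the packet that hit the drop rule and is cut off at the later block rule, while the same sequence on a TCP flow is blocked from the drop rule onward.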
Install & Use
Copyright (C) 2024 apernet