Skip to content
/ sirubo Public

Firewall wrapper that blocks traffic to IP addresses of AS networks.

License

MIT license
1 star 0 forks Branches Tags Activity
Star

stutstev/sirubo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

104 Commits
contrib
contrib
 
 
img
img
 
 
.build.yml
.build.yml
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
sirubo
sirubo
 
 

Repository files navigation

sirubo

Blocks outbound tech conglomerate (AS) network traffic.

builds.sr.ht status



Table of Contents


Usage

sirubo [c|create] [h|halt|stop] [r|resume] [s|show]

Command Description
c create Create and start ruleset enforcement and persistence.
h halt stop Stop ruleset enforcement and persistence.
r resume Resume ruleset enforcement and persistence.
s show Show ruleset.

Description

The sirubo utility is a POSIX shell script that makes use of:

  • Transport-layer packet filtering; in particular, nftables on Linux and pf on OpenBSD, to facilitate the rejection of outgoing traffic to autonomous system network, or ASN, prefixes (subnets).

  • whois, to perform a query for ASN prefixes (subnets).


Requirements

Linux OpenBSD
nftables pf
whois whois
systemd

Motive

Preventing passive and nonconsensual telemetry, and the infringement of one's privacy thereafter, from intrusively inquisitive big tech conglomerates, such as Meta (Facebook) and Alphabet (Google).


Install

  1. Install sirubo:
sudo make install
  1. To illustrate, add the following ASN to /usr/local/etc/sirubo.conf:
AS32934 # Google
  1. Create a new firewall ruleset:
sirubo c
  1. Test your newly created firewall ruleset:
nc -vw 1 google.com 443

The command should print a message similar to this:

nc: connect to google.com (0.0.0.0) port 443 (tcp) failed: Connection refused

This will indicate that your operating system firewall is configured to reject all outbound traffic directed at Google's ASN prefixes.


Uninstall

  1. Within this repository, uninstall sirubo:
make uninstall

Or, optionally, uninstall sirubo and delete its configuration files:

make clean

Files

Programs

  • /usr/local/bin/sirubo - The utility itself.

Configurations

  • /usr/local/etc/sirubo.conf - Contains ASNs that you, the user, specify for rejection.
  • /usr/local/etc/sirubo.ruleset - Contains a cached firewall ruleset.
  • /usr/local/etc/sirubo.ruleset.backup - Contains a defunct firewall ruleset that is reserved as a backup when creating a new ruleset manually or automatically.

Services

  • /etc/systemd/system/sirubo.service (Linux) - A service that facilitates firewall ruleset persistency and automatic ruleset updates with every operating system reboot.

  • /etc/rc.d/sirubo (OpenBSD) - A service that facilitates firewall ruleset persistency and automatic ruleset updates with every operating system reboot.


License

See the LICENSE file for details.

About

Firewall wrapper that blocks traffic to IP addresses of AS networks.

Topics

linux google facebook meta big-data openbsd network firewall traffic netfilter pf autonomous-systems autonomous-system autonomous-system-numbers big-tech

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Packages

No packages published

Contributors 2

  •  
  •  

Languages