Wireveil is a firewall designed for A/D CTF competitions. It selectively blocks packets based on configurable regular expressions, providing a flexible and efficient way to enforce network security policies.
- Regex-based Packet Filtering: Define custom regex patterns to block specific packet contents.
- Service-specific Rules: Configure rules for individual services running on different ports.
- NFQueue Integration: Uses Linux's NFQueue for packet inspection and verdicts.
- Logging and Tracing: Provides detailed logs for blocked packets and system events.
- Low-level NFT Setup: Uses low-level FFI bindings to the nftables C libraries (nftnl-rs) to interact with nftables safely.
- Multiple Instances: Each Wireveil instance is isolated by design, so you can run several at once without conflicts.
- Clone the repository:

  ```shell
  git clone https://github.com/ZephyrCodesStuff/wireveil.git
  cd wireveil
  ```

- Install dependencies:
  - Ensure you have Rust installed. If not, install it from rustup.rs.
  - Install the development packages for `libnfnetlink` and `libnetfilter_queue`:

    ```shell
    sudo apt-get install libnfnetlink-dev libnetfilter-queue-dev
    ```

- Build the project:

  ```shell
  cargo build --release
  ```
Wireveil uses a `wireveil.toml` configuration file to define services and their respective rules. An example configuration file is provided as `wireveil.toml.example`:

```toml
[services]

[services.vuln_http_service]
port = 8080
block = [
    "[A-Z0-9]{31}=",
    "flag{[a-zA-Z0-9]+}",
]

[services.vuln_tcp_service]
port = 3000
block = ["[A-Z0-9]{31}="]
```
- `port`: The port the service listens on. Only packets to this port are checked against the service's rules; a pattern listed under one service does not apply to another.
- `block`: A list of regex patterns. A packet whose contents match any of them is blocked.
Rename `wireveil.toml.example` to `wireveil.toml` and modify it as needed:

```shell
mv wireveil.toml.example wireveil.toml
```
- Run the application (root is required to install the netfilter rules and bind the queue):

  ```shell
  sudo ./target/release/wireveil
  ```

- The application will:
  - Load the configuration file.
  - Set up iptables rules to redirect packets to NFQueue.
  - Start processing packets based on the defined rules.
- To stop the application, press Ctrl+C. The iptables rules will be cleaned up automatically. Note that no process can clean up after a hard kill (SIGKILL) or a crash, and packets steered to an NFQueue with no listener are dropped by default, which would make the service unreachable. If Wireveil died uncleanly, check for leftover rules with `sudo iptables -S` and remove them.
If Wireveil fails with `iptables: Bad rule (does a matching rule exist in that chain?)`, your system's `iptables` is probably not using the backend Wireveil expects. Check which one is active with `iptables -V` (it prints `(nf_tables)` or `(legacy)` after the version), then switch to the legacy backend:

```shell
sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
```

To switch back later, set the same alternatives to `/usr/sbin/iptables-nft` and `/usr/sbin/ip6tables-nft`.
Wireveil uses the `tracing` crate for logging. You can configure the log level with the `RUST_LOG` environment variable. Because `sudo` resets the environment by default, pass the variable to `sudo` itself rather than setting it in front of the `sudo` command (or use `sudo -E`). For example:

```shell
sudo RUST_LOG=debug ./target/release/wireveil
```
Contributions are welcome! Feel free to open issues or submit pull requests on the GitHub repository.
This project is licensed under the MIT License. See the LICENSE file for details.
- Built with Rust and powered by NFQueue.
- Inspired by Firegex
- Using Mullvad's awesome nftnl-rs bindings for NFT.
- Implemented serpilliere's fix for the nfqueue-rs library.