ebpf-fw

Requires Linux >= 4.10 (ie. CentOS 8 or Ubuntu 17.04).

Requirements

Building requires the following on CentOS 8: yum install -y clang llvm go or on Ubuntu: apt install -y clang llvm golang make

cgroup2 FS must be mounted. By default it looks for it on /sys/fs/cgroup/unified but if it's not mounted there you can do:

sudo mkdir /mnt/cgroup2
sudo mount -t cgroup2 none /mnt/cgroup2

and change the path to /mnt/cgroup2 in ebpf-fw.go

make

All must run as root.

Configure rules:

./conf/rule.json

Load eBPF with: ./ebpf-fw load

Unload eBPF with: ./ebpf-fw unload

Show tracked connections with: ./ebpf-fw show

Issue rule: ./ebpf-fw issue

Revoke rule: ./ebpf-fw revoke

Name		Name	Last commit message	Last commit date
Latest commit History 10 Commits
conf		conf
ebpf		ebpf
Makefile		Makefile
README.md		README.md
ebpf-fw.go		ebpf-fw.go
go.mod		go.mod
go.sum		go.sum
rule.go		rule.go
rule_test.go		rule_test.go