Dumbing Smart Shit Down

Monitors blocked connection attempts on a Linux firewall (iptables/ip6tables). By default, all inbound and outbound traffic is blocked; every attempt is logged and visualized live. Exemptions can be granted dynamically based on a domain whitelist.

Features

  • Full block (DROP) for INPUT/OUTPUT/FORWARD (IPv4 + IPv6)
  • Real-time monitoring via journalctl -k -f
  • CLI output and Web UI (Flask + Socket.IO)
  • Reverse DNS (RDNS) with domain display
  • Domain whitelist with wildcards (example.com, *.example.com, .example.com)
  • Automatically allow destination IPs belonging to whitelisted domains
  • Separation of monitoring (user) and firewall control (root service)

Project Structure

  • main.py: Monitoring, RDNS, whitelist logic, controller client
  • fwctrl.py: System service that manages iptables/ip6tables rules; listener
  • app.py: Flask web app with Socket.IO streaming and stats
  • templates/index.html: Web UI
  • fwctrl.service: systemd service definition for the root controller
  • Makefile: Service installation/management

Requirements

  • Linux with systemd
  • iptables/ip6tables
  • Python 3.12+
  • Root privileges to manage firewall rules

Install the Root Service

# Run as root
sudo make install
# Start service
sudo make start
# Status/Logs
sudo make status
make logs

The service runs from /opt/dssd and listens on 127.0.0.1:6000 via multiprocessing.connection.Listener. Configure the auth secret with FWCTRL_AUTH (see fwctrl.service).

CLI Monitor with Whitelist

A whitelist file contains one domain per line (# comments allowed). Wildcards are supported.

Example whitelist.txt:

# Exact
example.com
# Wildcards
*.github.com
.cloudflare.com

Start the monitor:

python3 main.py --whitelist whitelist.txt

  • Shows only blocked outbound connections
  • Performs RDNS and domain resolution
  • If the destination domain matches the whitelist, resolves its IPs and sends them to the root controller (allow_ip), which applies the appropriate iptables/ip6tables rules.
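
The whitelist format above can be matched on whole DNS labels so that look-alike names do not slip through. This is an added example, not the project's main.py; the function names are hypothetical, and the semantics are assumptions the README does not spell out: a bare name matches only itself, "*.name" and ".name" match subdomains but not the name itself, and patterns covering a whole TLD are rejected.

```python
# Added example, not the project's main.py. Assumed semantics (the README does
# not define them): a bare name matches only itself; "*.name" and ".name"
# match any subdomain of name, but not name itself.

def normalize(name: str) -> str:
    """Lower-case and drop the trailing root dot that PTR answers often carry."""
    return name.strip().rstrip(".").lower()


def load_whitelist(text: str) -> list[tuple[str, bool]]:
    """Parse whitelist text into (domain, is_wildcard) pairs."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        wildcard = line.startswith(("*.", "."))
        domain = normalize(line.lstrip("*").lstrip("."))
        # Assumed policy: refuse empty or TLD-wide patterns such as "*" or "*.com".
        if "." not in domain or "*" in domain:
            raise ValueError(f"unsafe whitelist pattern: {raw!r}")
        rules.append((domain, wildcard))
    return rules


def is_whitelisted(hostname: str, rules: list[tuple[str, bool]]) -> bool:
    """Match on whole labels so 'evilgithub.com' never matches '*.github.com'."""
    host = normalize(hostname)
    for domain, wildcard in rules:
        if wildcard:
            # The leading dot in the suffix forces a label boundary.
            if host.endswith("." + domain):
                return True
        elif host == domain:
            return True
    return False


# Constructed sample input, same shape as the README's whitelist.txt.
SAMPLE = """\
# Exact
example.com
# Wildcards
*.github.com
.cloudflare.com
"""
RULES = load_whitelist(SAMPLE)
```

A PTR record is set by whoever controls the reverse zone for an address, so a match on a reverse-DNS name is a reason to resolve that name forward, as the README describes, not proof that the blocked address belongs to the domain.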

Security & Operations

  • The firewall controller (fwctrl.py) must run as root.
  • The monitor may run as root; it primarily needs access to journalctl -k.
  • DNS (port 53, UDP/TCP) is allowed so RDNS and domain resolution work.
  • Adjust fwctrl.service as needed (path, auth key, working directory).

Useful Commands

# Current iptables rules
sudo iptables -L -v -n --line-numbers
sudo ip6tables -L -v -n --line-numbers

# Kernel logs
sudo journalctl -k -f

License

See LICENSE in the project root.