
lisg's Introduction

Linux ISG

This repo is a fork of the Linux ISG project by Oleg A. Arkhangelsky.

It is based on a non-original copy of the source code recovered from an old archive. This code was previously published under the GNU License, so there is no problem with restoring it in public.

Changes

  • Restored (rewritten from scratch) the match userspace library, because it was lost during recovery
  • Linux kernel version 4.19+ is supported

TODO

  • The code is full of global spinlocks and currently does not scale well on multi-CPU servers. I will try to rewrite it with newer lockless techniques in the future.
  • The userspace daemon should be rewritten, because Perl is not fast enough when lots of new sessions are created per second.
  • IPv6 support is completely absent. I think that should be fixed.

INSTALL

cd /opt
git clone https://github.com/junjunk/lisg.git

apt install -y linux-headers-$(uname -r) iptables-dev build-essential
OR
apt-get -y install linux-headers-$(uname -r) iptables-dev build-essential

cpan install Net::Radius::Packet

chmod 755 /opt/lisg/kernel/configure && /opt/lisg/kernel/configure && make clean && make && make install
modprobe ipt_ISG
echo ipt_ISG >> /etc/modules

So that traffic is not dropped during FreeRADIUS authorization, load the module with:
modprobe ipt_ISG tg_deny_action=1

Usage

Session initiation and shaping

Use iptables to set up rules in the FORWARD chain that specify how sessions are initiated:

iptables -A FORWARD -s 192.0.0.0/24 -j ISG --session-init
iptables -A FORWARD -d 192.0.0.0/24 -j ISG

These commands tell the ISG module to initiate a session for every IP address in the 192.0.0.0/24 network and to police traffic to the 192.0.0.0/24 network when a session is active.
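
A consistency check for rule sets like the one above, as an added example that is not part of the lisg project: it reads rules in the form shown on this page and lists every network that has a --session-init rule but no matching -d rule, so traffic to it would never reach ISG for policing. The function names and the second sample network are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not lisg code. Input: rule lines as written on this page,
# with or without a leading "iptables", from a file argument or stdin.

# Print each network that has "-s NET -j ISG --session-init" in FORWARD
# but no "-d NET -j ISG" rule in the same chain.
isg_unpaired_nets() {
    awk '
    /^[[:space:]]*#/ { next }              # skip comment lines
    {
        chain = ""; src = ""; dst = ""; isg = 0; init = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-A" || $i == "-I") chain = $(i + 1)
            else if ($i == "-s") src = $(i + 1)
            else if ($i == "-d") dst = $(i + 1)
            else if ($i == "-j" && $(i + 1) == "ISG") isg = 1
            else if ($i == "--session-init") init = 1
        }
        if (chain != "FORWARD" || !isg) next
        if (init && src != "") {
            # remember first-seen order so the report is stable
            if (!(src in want)) order[++n] = src
            want[src] = 1
        } else if (!init && dst != "") {
            have[dst] = 1
        }
    }
    END {
        for (k = 1; k <= n; k++)
            if (!(order[k] in have)) print order[k]
    }' "$@"
}

# Constructed sample: the first network is paired as on this page,
# the second (hypothetical) network is missing its -d rule.
sample_rules() {
cat <<'EOF'
iptables -A FORWARD -s 192.0.0.0/24 -j ISG --session-init
iptables -A FORWARD -d 192.0.0.0/24 -j ISG
iptables -A FORWARD -s 198.51.100.0/24 -j ISG --session-init
EOF
}

sample_rules | isg_unpaired_nets    # prints 198.51.100.0/24
```
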

Redirect to authorization

Uncomment the following lines in config.pl:

#$cfg{unauth_service_name_list} = [ "AREDIR" ];

#$cfg{srv}{REDIR}{type} = "tagger";

#$cfg{srv}{REDIR}{traffic_classes} = [ "ALL_OTHER" ];

-A PREROUTING -m isg --service-name REDIR -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 192.168.0.1

This rule performs DNAT on every HTTP packet that ISG has matched to the REDIR service. It can be used to redirect users to an authorization web site.

Additional documentation can be found with your favorite search engine.

lisg's People

Contributors

leoelan
