[SlowARG]

Nobody's Firewall
Simple firewall that protect your server against query/cookie flood.

Current version: 0.1 BETA FIX #2.

••• Description •••
Nobody Firewall (aka nfwall) is a simple —but powerful— firewall for SA-MP that protect your server against query flood/cookie flood attacks.

••• Why? •••
I didn't program for some years ago and i've retired from SA-MP. Recently a friend asked me for help with pawn and... I don't know, simply i want'd to program in C again and i noticed that the actual anti 'server full' attacks haven't been updated for some months, so i decided to work in a new firewall that protect the servers against known query flood and the cookie flood for SA-MP 0.3.7.

••• Features •••
• Open Source.
• Programmed purely in C.
• Use lipbcap.
• Ban logs.
• Debug mode.
• Actually runs only on Linux (i will relese a multi-so version soon).

••• Dependences •••
• libpcap. (https://github.com/the-tcpdump-group/libpcap)

••• Downloads •••
https://github.com/n0bodysec/NobodyFirewall
Licensed under GNU General Public License v3.

••• Special thanks •••
• n3ptun0 (aka Stella) for his firewall for SA-MP 0.3e.
• Silver Moon for his base code.


Y̶u̶p̶,̶ ̶a̶ ̶p̶o̶o̶r̶ ̶p̶o̶s̶t̶.̶

Greetings!
Nobody.

[Ouizzane]

Impressive, we wait for the new version for windows with impatience.

[azzerking]

Cool Idea,

But one problem is the loopback address can be faked, and any experienced programmer with some hacking knowledge will know this.

Don't ignore any address, treat all as a possible threat.

I am an experienced Ethical Hacker / Software and Network Engineer and I myself have made the same mistake a couple of years ago, so maybe update the code to not ignore the loopback address.

[denNorske]

Nice - I kinda of need this at the moment, but whenever I try to make it (and after installing all the dependencies prior to trying), i get this output while "make":

Code:

~/NobodyFirewall# make
gcc -lpcap -lpthread nfwall.c -o nfwall
nfwall.c: In function ‘main’:
nfwall.c:96:3: warning: too many arguments for format [-Wformat-extra-args]
   printf("[!] Warning: Using default interface: \"%s\".\n\n", iface, argv[0]);
   ^
nfwall.c: In function ‘ProcessSAMPPacket’:
nfwall.c:179:3: error: ‘for’ loop initial declarations are only allowed in C99 m                                                               ode
   for (int i = 0; i < STRUCT_NUMBER; i++)
   ^
nfwall.c:179:3: note: use option -std=c99 or -std=gnu99 to compile your code
nfwall.c: In function ‘ProcessCookiePacket’:
nfwall.c:205:3: error: ‘for’ loop initial declarations are only allowed in C99 m                                                               ode
   for (int i = 0; i < STRUCT_NUMBER; i++)
   ^
nfwall.c: In function ‘CheckIfExists’:
nfwall.c:236:2: error: ‘for’ loop initial declarations are only allowed in C99 m                                                               ode
  for (int i = 0; i < STRUCT_NUMBER; i++)
  ^
nfwall.c: In function ‘threadReload’:
nfwall.c:246:2: error: ‘for’ loop initial declarations are only allowed in C99 m                                                               ode
  for (int i = 0; i < STRUCT_NUMBER; i++)
  ^
make: *** [all] Error 1

Any idea if this is system or code related issue?

[azzerking]

Quote:

Originally Posted by denNorske Nice - I kinda of need this at the moment, but whenever I try to make it (and after installing all the dependencies prior to trying), i get this output while "make": Code: ~/NobodyFirewall# make gcc -lpcap -lpthread nfwall.c -o nfwall nfwall.c: In function ‘main’: nfwall.c:96:3: warning: too many arguments for format [-Wformat-extra-args] printf("[!] Warning: Using default interface: \"%s\".\n\n", iface, argv[0]); ^ nfwall.c: In function ‘ProcessSAMPPacket’: nfwall.c:179:3: error: ‘for’ loop initial declarations are only allowed in C99 m ode for (int i = 0; i < STRUCT_NUMBER; i++) ^ nfwall.c:179:3: note: use option -std=c99 or -std=gnu99 to compile your code nfwall.c: In function ‘ProcessCookiePacket’: nfwall.c:205:3: error: ‘for’ loop initial declarations are only allowed in C99 m ode for (int i = 0; i < STRUCT_NUMBER; i++) ^ nfwall.c: In function ‘CheckIfExists’: nfwall.c:236:2: error: ‘for’ loop initial declarations are only allowed in C99 m ode for (int i = 0; i < STRUCT_NUMBER; i++) ^ nfwall.c: In function ‘threadReload’: nfwall.c:246:2: error: ‘for’ loop initial declarations are only allowed in C99 m ode for (int i = 0; i < STRUCT_NUMBER; i++) ^ make: *** [all] Error 1 Any idea if this is system or code related issue?

What version of gcc do you currently have installed?

Also you can just add '-std=c99' to the makefile in order to invoke a C99 compiler.

Calling /usr/bin/c99 instead of /usr/bin/gcc on an Ubuntu system, this points to a script which invokes gcc after having added the -std=c99 flag, which is precisely what you want

[blackgangs]

Code:

~/NobodyFirewall# make
gcc -lpcap -lpthread nfwall.c -o nfwall
make: gcc: Command not found
Makefile:2: recipe for target 'all' failed
make: *** [all] Error 127

any idea?

[azzerking]

Quote:

Originally Posted by blackgangs Code: ~/NobodyFirewall# make gcc -lpcap -lpthread nfwall.c -o nfwall make: gcc: Command not found Makefile:2: recipe for target 'all' failed make: *** [all] Error 127 any idea?

You need to install gcc

depending on what version of your OS supports.

apt-get install gcc-*.* ( replacing * with the version of gcc, you wish to install)

[denNorske]

Quote:

Originally Posted by azzerking What version of gcc do you currently have installed? Also you can just add '-std=c99' to the makefile in order to invoke a C99 compiler. Calling /usr/bin/c99 instead of /usr/bin/gcc on an Ubuntu system, this points to a script which invokes gcc after having added the -std=c99 flag, which is precisely what you want

Thanks, I'll give it a try

[blackgangs]

Code:

~/NobodyFirewall# make
gcc -lpcap -lpthread nfwall.c -o nfwall
nfwall.c: In function ‘main’:
nfwall.c:96:10: warning: too many arguments for format [-Wformat-extra-args]
   printf("[!] Warning: Using default interface: \"%s\".\n\n", iface, argv[0]);
          ^
/tmp/ccjeHIRl.o: In function `main':
nfwall.c:(.text+0x4b): undefined reference to `pthread_create'
nfwall.c:(.text+0x1ca): undefined reference to `pcap_findalldevs'
nfwall.c:(.text+0x23c): undefined reference to `pcap_open_live'
nfwall.c:(.text+0x295): undefined reference to `pcap_setdirection'
nfwall.c:(.text+0x2b3): undefined reference to `pcap_loop'
collect2: error: ld returned 1 exit status
Makefile:2: recipe for target 'all' failed
make: *** [all] Error 1

another problem came..

[SlowARG]

Quote:

Originally Posted by denNorske Nice - I kinda of need this at the moment, but whenever I try to make it (and after installing all the dependencies prior to trying), i get this output while "make": Code: ~/NobodyFirewall# make gcc -lpcap -lpthread nfwall.c -o nfwall nfwall.c: In function ‘main’: nfwall.c:96:3: warning: too many arguments for format [-Wformat-extra-args] printf("[!] Warning: Using default interface: \"%s\".\n\n", iface, argv[0]); ^ nfwall.c: In function ‘ProcessSAMPPacket’: nfwall.c:179:3: error: ‘for’ loop initial declarations are only allowed in C99 m ode for (int i = 0; i < STRUCT_NUMBER; i++) ^ nfwall.c:179:3: note: use option -std=c99 or -std=gnu99 to compile your code nfwall.c: In function ‘ProcessCookiePacket’: nfwall.c:205:3: error: ‘for’ loop initial declarations are only allowed in C99 m ode for (int i = 0; i < STRUCT_NUMBER; i++) ^ nfwall.c: In function ‘CheckIfExists’: nfwall.c:236:2: error: ‘for’ loop initial declarations are only allowed in C99 m ode for (int i = 0; i < STRUCT_NUMBER; i++) ^ nfwall.c: In function ‘threadReload’: nfwall.c:246:2: error: ‘for’ loop initial declarations are only allowed in C99 m ode for (int i = 0; i < STRUCT_NUMBER; i++) ^ make: *** [all] Error 1 Any idea if this is system or code related issue?

Try the new version i uploaded right now, you don't need to use c99 compiler.

Quote:

Originally Posted by blackgangs Code: ~/NobodyFirewall# make gcc -lpcap -lpthread nfwall.c -o nfwall nfwall.c: In function ‘main’: nfwall.c:96:10: warning: too many arguments for format [-Wformat-extra-args] printf("[!] Warning: Using default interface: \"%s\".\n\n", iface, argv[0]); ^ /tmp/ccjeHIRl.o: In function `main': nfwall.c:(.text+0x4b): undefined reference to `pthread_create' nfwall.c:(.text+0x1ca): undefined reference to `pcap_findalldevs' nfwall.c:(.text+0x23c): undefined reference to `pcap_open_live' nfwall.c:(.text+0x295): undefined reference to `pcap_setdirection' nfwall.c:(.text+0x2b3): undefined reference to `pcap_loop' collect2: error: ld returned 1 exit status Makefile:2: recipe for target 'all' failed make: *** [all] Error 1 another problem came..

Try to use -pthread instead of -lpthread in Makefile. Anyway, i edited Makefile in the new version, you can try with it.

Quote:

Originally Posted by azzerking Cool Idea, But one problem is the loopback address can be faked, and any experienced programmer with some hacking knowledge will know this. Don't ignore any address, treat all as a possible threat. I am an experienced Ethical Hacker / Software and Network Engineer and I myself have made the same mistake a couple of years ago, so maybe update the code to not ignore the loopback address.

Take a look to Martian packet and Bogon filtering.

Best Regards!

[azzerking]

Quote:

Originally Posted by SlowARG Try the new version i uploaded right now, you don't need to use c99 compiler. Try to use -pthread instead of -lpthread in Makefile. Anyway, i edited Makefile in the new version, you can try with it. Take a look to Martian packet and Bogon filtering. Best Regards!

Whoops, I apologize I overlooked the part of code where you were using this system. I am aware of this type of filtering, something I had to learn a few years ago when I first starting working for IBM.

Good Work, though.

[SlowARG]

Quote:

Originally Posted by azzerking Whoops, I apologize I overlooked the part of code where you were using this system. I am aware of this type of filtering, something I had to learn a few years ago when I first starting working for IBM. Good Work, though.

No problem, anyway thank you for the suggestion.

Regards.

[RDM]

Quote:

Originally Posted by SlowARG Nobody's Firewall Simple firewall that protect your server against query/cookie flood. Current version: 0.1 BETA FIX #2. ••• Description ••• Nobody Firewall (aka nfwall) is a simple —but powerful— firewall for SA-MP that protect your server against query flood/cookie flood attacks. ••• Why? ••• I didn't program for some years ago and i've retired from SA-MP. Recently a friend asked me for help with pawn and... I don't know, simply i want'd to program in C again and i noticed that the actual anti 'server full' attacks haven't been updated for some months, so i decided to work in a new firewall that protect the servers against known query flood and the cookie flood for SA-MP 0.3.7. ••• Features ••• • Open Source. • Programmed purely in C. • Use lipbcap. • Ban logs. • Debug mode. • Actually runs only on Linux (i will relese a multi-so version soon). ••• Dependences ••• • libpcap. (https://github.com/the-tcpdump-group/libpcap) ••• Downloads ••• https://github.com/n0bodysec/NobodyFirewall Licensed under GNU General Public License v3. ••• Special thanks ••• • n3ptun0 (aka Stella) for his firewall for SA-MP 0.3e. • Silver Moon for his base code. Y̶u̶p̶,̶ ̶a̶ ̶p̶o̶o̶r̶ ̶p̶o̶s̶t̶.̶ Greetings! Nobody.

I think this is a bit unnecessary since it is possible to do the control you did using iptables with the recent module!

But anyway congratulations! Good job !

[SlowARG]

Quote:

Originally Posted by RDM I think this is a bit unnecessary since it is possible to do the control you did using iptables with the recent module! But anyway congratulations! Good job !

Yeah, you are right, but i prefer to control my network packets with C, it has a little advantages.

For example, it works for each port and not only for 7777 and regex isn't necessary.
Anyway, it's so good to show all possibilities to mitigate an attack.

Thank you!
Regards.