~speguero/sirubo

Blocks outbound tech conglomerate (AS) network traffic. 🐡🐧
0bc15120 — Steven Peguero 1 year, 4 months ago
sirubo, readme, Makefile: clean codebase, change opts
0f928c2e — Steven Peguero 1 year, 9 months ago
readme: update as markdown, include gif demo

clone

read-only
https://git.sr.ht/~speguero/sirubo
read/write
git@git.sr.ht:~speguero/sirubo

You can also use your local clone with git send-email.

sirubo

Blocks outbound tech conglomerate (AS) network traffic.

builds.sr.ht status



#Table of Contents


#Usage

sirubo [c|create] [h|halt|stop] [r|resume] [s|show]

Command Description
c create Create and start ruleset enforcement and persistence.
h halt stop Stop ruleset enforcement and persistence.
r resume Resume ruleset enforcement and persistence.
s show Show ruleset.

#Description

The sirubo utility is a POSIX shell script that makes use of:

  • Transport-layer packet filtering; in particular, nftables on Linux and pf on OpenBSD, to facilitate the rejection of outgoing traffic to autonomous system network, or ASN, prefixes (subnets).

  • whois, to perform a query for ASN prefixes (subnets).


#Requirements

Linux OpenBSD
nftables pf
whois whois
systemd

#Motive

Preventing passive and nonconsensual telemetry, and the infringement of one's privacy thereafter, from intrusively inquisitive big tech conglomerates, such as Meta (Facebook) and Alphabet (Google).


#Install

  1. Install sirubo:
sudo make install
  1. To illustrate, add the following ASN to /usr/local/etc/sirubo.conf:
AS32934 # Google
  1. Create a new firewall ruleset:
sirubo c
  1. Test your newly created firewall ruleset:
nc -vw 1 google.com 443

The command should print a message similar to this:

nc: connect to google.com (0.0.0.0) port 443 (tcp) failed: Connection refused

This will indicate that your operating system firewall is configured to reject all outbound traffic directed at Google's ASN prefixes.


#Uninstall

  1. Within this repository, uninstall sirubo:
make uninstall

Or, optionally, uninstall sirubo and delete its configuration files:

make clean

#Files

#Programs

  • /usr/local/bin/sirubo - The utility itself.

#Configurations

  • /usr/local/etc/sirubo.conf - Contains ASNs that you, the user, specify for rejection.
  • /usr/local/etc/sirubo.ruleset - Contains a cached firewall ruleset.
  • /usr/local/etc/sirubo.ruleset.backup - Contains a defunct firewall ruleset that is reserved as a backup when creating a new ruleset manually or automatically.

#Services

  • /etc/systemd/system/sirubo.service (Linux) - A service that facilitates firewall ruleset persistency and automatic ruleset updates with every operating system reboot.

  • /etc/rc.d/sirubo (OpenBSD) - A service that facilitates firewall ruleset persistency and automatic ruleset updates with every operating system reboot.


#License

See the LICENSE file for details.