~speguero/sirubo

sirubo/README -rw-r--r-- 3.4 KiB
2a1a8ae7 — Steven Peguero readme: clarify motive and name origin 9 days ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
                                 SIRUBO

      ASN prefix (big tech conglomerate) outbound traffic blocker.

------------------------------------------------------------------------

TABLE OF CONTENTS
=================

├── Synopsis
├── Description
├── Requirements
├── Motive
├── Name Origin
├── Install
├── Uninstall
├── Files
│   ├── Programs
│   ├── Configuration Files
│   └── Services
├── Screencaps
└── License


SYNOPSIS
========

sirubo [-c] [-f] [-r] [-s]

  -c    Create firewall ruleset and ruleset persistency service.

  -f    Show cached firewall ruleset.

  -r    Resume enforcement of cached firewall ruleset and enable ruleset
        persistency service.

  -s    Disable cached firewall ruleset and ruleset persistency service.


DESCRIPTION
===========

The sirubo utility is a POSIX shell script that makes use of:

  - Transport-layer packet filtering; in particular, nftables on Linux
    and pf on OpenBSD, to facilitate the rejection of outgoing traffic
    to autonomous system network, or ASN, prefixes (subnets).

  - whois, to perform a query for ASN prefixes (subnets).


REQUIREMENTS
============

  Linux    | OpenBSD
  -----    | -------
  nftables | pf
  whois    | whois
  systemd  |


MOTIVE
======

Preventing passive and nonconsensual telemetry, and the infringement of
one's privacy thereafter, from intrusively inquisitive big tech
conglomerates, such as Meta (Facebook) and Alphabet (Google).


NAME ORIGIN
===========

Dissecting the etymology of sirubo (pronounced as seer-rue-bow), "si"
refers to the silicon chemical symbol of "Si", referencing Silicon Valley.
The word "rubo" derives from the Esperanto language, meaning "trash".


INSTALL
=======

1) Install sirubo:

% sudo make install


2) To illustrate, add the following ASN to /usr/local/etc/sirubo.conf:

AS32934 # Google


3) Create a new firewall ruleset:

% sirubo -c


4) Test your newly created firewall ruleset:

% nc -vw 1 google.com 443

   The command should print a message similar to this:

> nc: connect to google.com (0.0.0.0) port 443 (tcp) failed: Connection
> refused

   This will indicate that your operating system firewall is configured
   to reject all outbound traffic directed at Google's ASN prefixes.


UNINSTALL
=========

1) Within this repository, uninstall sirubo:

% make uninstall

   Or, optionally, uninstall sirubo and delete its configuration files:

% make clean


FILES
=====

  Programs
  --------

  - /usr/local/bin/sirubo
        The utility itself.


  Configuration Files
  -------------------

  - /usr/local/etc/sirubo.conf
        Contains ASNs that you, the user, specify for rejection.

  - /usr/local/etc/sirubo.ruleset
        Contains a cached firewall ruleset.

  - /usr/local/etc/sirubo.ruleset.backup
        Contains a defunct firewall ruleset that is reserved as a backup
        when creating a new ruleset manually or automatically.


  Services
  --------

  - /etc/systemd/system/sirubo.service (Linux)
        A service that facilitates firewall ruleset persistency and
        automatic ruleset updates with every operating system reboot.

  - /etc/rc.d/sirubo (OpenBSD)
        A service that facilitates firewall ruleset persistency and
        automatic ruleset updates with every operating system reboot.


SCREENCAPS
==========

Visit the contrib/ directory for recorded illustrations of this utility
in GIF format.


LICENSE
=======

See the LICENSE file for details.