DynFi Firewall Source Code
The DynFi Firewall source code is divided into several sections, each section plays a specific role and is linked to the other sections, allowing the entire firewall to be compiled independently. The objective of our project is to allow building a firewall using simpler and more modern compiling methods than the one proposed by OPNsense®.
To do this we have reworked the entire build process using Poudriere which is used by FreeBSD to build many packages and to build the entire FreeBSD system.
Access all source code published by DynFiDynFi Build
This is a collection of build scripts that allows you to build DynFi Firewall.
- build_base.sh
- build_pacakges.sh
- build_installer.sh
- build_poudriere.sh
- build_sync.sh`
FreeBSD-Base
The FreeBSD source code needed to build the system.
FreeBSD source code used for the buildDynFi Overlay
This overlay is to be used with FreeBSD ports and allows you to build the software needed to build DynFi Firewall.
Overlay needed to build DynFi FirewallDynFi OPNsense-core
DynFi Core is based on opensense-core, but has many additional changes and notably a greatly revised GUI.
DynFi GUI and system managementHow to build DynFi Firewall
First, you need to get all the necessary repositories:
- the FreeBSD repository used by DynFi Firewall: https://github.com/DynFi/FreeBSD-base
- the DynFi Firewall ports repository : https://github.com/DynFi/opnsense-core
- the Poudriere overlay needed to build DynFi Firewall: https://github.com/DynFi/dynfi-overlay
We encourage you to read the different readme provided in each section.
The file you need to modify is common.subr, and the interesting values are:
- OVERLAY_PORTS - is a directory where the dynfi-overlay repo is located
- FBSD_TREE` - is a directory where the FreeBSD directory is located
Next, you can use a build_base.sh script to build the kernel and FreeBSD world.
The next step is to build the packages. The build_packages.sh script is responsible for this.
When you have a package, the kernel and the world, you can build the installation with build_installer.sh.
Finally, you can push the required repository to a remote server with the build_sync.sh script.
DynFi GUI and system management
FreeBSD source code used for build
Overlay needed for DynFi Firewall build
The DynFiltering R&D Project
DynFiltering is a research and development project that was initiated by DynFi with Ecole Centrale Supelec. The objective of this project is to explore the possibilities offered by large-scale filtering based on the SSL fingerprint from the certificate signature.
The various scripts and tools found in this project allow to analyze a large number of URLs, to efficiently save SSL signatures in a database and to produce lists of SSL fingerprints ready to be imported into Suricata.
Scaling up and in particular including several tens of thousands of signatures in Suricata still seems problematic at this stage. Further testing needs to be done to find optimized methods of including these rules.
DynFiltering projectDynFi Manager Connection Agents source code
DynFi Manager allows the use of Connection Agents deployed on firewalls that allow the firewall to bridge the connection to the Manager. This is particularly useful in cases where the firewall is deployed behind a firewall or uses NAT.
Here we give access to the source code of the client part of the connection agent:
Source code DynFi DFConAgOPNsense Connection Agent
Source Code DynFi DFConAgPfSense Connection Agent