The DynFi project source code

DynFi Firewall Source Code

The DynFi Firewall source code is divided into several sections. Each section plays a specific role and is linked to the others, allowing the entire firewall to be compiled independently. The objective of our project is to allow building a firewall using simpler and more modern compilation methods than those proposed by OPNsense®.

To do this, we have reworked the entire build process using Poudriere, which is used by FreeBSD to build many packages and to build the entire FreeBSD system.

code  Access all source code published by DynFi

DynFi Build

This is a collection of build scripts that allows you to build DynFi Firewall.

  • build_base.sh
  • build_packages.sh
  • build_installer.sh
  • build_poudriere.sh
  • build_sync.sh
code  DynFi Build source code

FreeBSD-Base

The FreeBSD source code needed to build the system.

code  FreeBSD source code used for the build

DynFi Overlay

This overlay is to be used with FreeBSD ports and allows you to build the software needed to build DynFi Firewall.

code  Overlay needed to build DynFi Firewall

DynFi OPNsense-core

DynFi Core is based on OPNsense-core, but has many additional changes, notably a greatly revised GUI.

code  DynFi GUI and system management

How to build DynFi Firewall

First, you need to get all the necessary repositories:

We encourage you to read the README files provided in each section.

The file you need to modify is common.subr, and the interesting values are:

Next, you can use the build_base.sh script to build the kernel and the FreeBSD world.

The next step is to build the packages. The build_packages.sh script is responsible for this. Once you have the packages, the kernel and the world, you can build the installer with build_installer.sh. Finally, you can push the required repository to a remote server with the build_sync.sh script.


code  DynFi GUI and system management

code  FreeBSD source code used for build

code  Overlay needed for DynFi Firewall build

The DynFiltering R&D Project

DynFiltering is a research and development project that was initiated by DynFi with Ecole Centrale Supelec. The objective of this project is to explore the possibilities offered by large-scale filtering based on the SSL fingerprint from the certificate signature.

The various scripts and tools found in this project make it possible to analyze a large number of URLs, to efficiently save SSL signatures in a database and to produce lists of SSL fingerprints ready to be imported into Suricata.

Scaling up, and in particular including several tens of thousands of signatures in Suricata, still seems problematic at this stage. Further testing is needed to find optimized methods of including these rules.

code  DynFiltering project

DynFi Manager Connection Agents source code

DynFi Manager supports Connection Agents, which are deployed on firewalls and allow each firewall to bridge the connection to the Manager. This is particularly useful in cases where the firewall is deployed behind another firewall or uses NAT.

Here we give access to the source code of the client part of the connection agent:


code  Source code DynFi DFConAgOPNsense Connection Agent

code  Source Code DynFi DFConAgPfSense Connection Agent