mertkarakuzu/nexus-firewall
GitHub: mertkarakuzu/nexus-firewall
An advanced Windows firewall built on PyQt5 and WinDivert: an endpoint protection system that integrates threat-intelligence detection and dynamic risk scoring.
Stars: 0 | Forks: 0
# ⬡ NEXUS FIREWALL — Network Defense System v2.0
## ✦ Key Differences Between Nexus and the Prototype
| Feature | Prototype | NexusFirewall v2.0 |
|---|---|---|
| Architecture | Single file, 300 lines | Modular (core / ui / utils), 2000+ lines |
| Threat detection | DDoS counter only | Port scan, SYN flood, UDP flood, ICMP flood, payload inspection, connection spread |
| Threat scoring | Binary (block/pass) | Decay-based continuous risk score (0–200) per IP |
| Quarantine system | ❌ | ✓ Log-only mode for suspicious IPs before full block |
| Rule types | IP:Port string | 13 rule types: CIDR, domain, protocol, rate-limit, time-based, custom |
| Rule priorities | ❌ | ✓ Numeric priority, sorted pipeline |
| Dashboard | Plain table | Live scrolling chart, protocol bar chart, animated threat gauge, top talkers |
| Simulation mode | ❌ | ✓ Synthetic traffic generation when WinDivert unavailable |
| Context menus | ❌ | ✓ Right-click → quick block / whitelist / risk check |
| Export | ❌ | ✓ JSON rule export |
| Domain blocking | DNS resolve + set | DNS cache with TTL, preset lists (social, ads, malware) |
| Logging | File only | Structured HTML in-app log + file, filterable by level |
| Attack signatures | ❌ | SQL injection, XSS, shellcode payload patterns |
| UI theme | Basic dark | Military HUD with custom QPainter charts |
## ✦ Architecture
```
NexusFirewall/
├── main.py                  Entry point
├── requirements.txt
├── core/
│   ├── firewall_engine.py   Pure logic: RuleEngine, ThreatIntelligence,
│   │                        StatisticsTracker, FirewallLogger, FirewallCore
│   └── worker.py            QThread: pydivert capture ↔ FirewallCore bridge
│                            + Simulation mode
└── ui/
    ├── main_window.py       NexusFirewallWindow + all custom widgets:
    │                        LiveChartWidget, ProtoBarWidget,
    │                        ThreatMeterWidget, RecentThreatWidget
    └── widgets.py           Re-export shim
```
## ✦ Threat Detection Pipeline
Every packet flows through this pipeline in order:
```
Packet received
│
├─ 1. Auto-block check     → instantly drop if IP is in blacklist
├─ 2. Quarantine check     → log-only if IP is in quarantine
├─ 3. Rule engine match    → priority-sorted rule table
│   ├─ CIDR check          → 10.x.x.x / 192.168.x.x allowlists
│   ├─ Domain filter       → DNS-resolved domain blocks
│   └─ Rule table          → IP, port, protocol, CIDR, custom patterns
├─ 4. Threat intelligence
│   ├─ Port scan           → unique DST ports per source IP
│   ├─ SYN flood           → SYN/s counter (>500/s = HIGH)
│   ├─ UDP flood           → UDP/s counter (>1000/s = HIGH)
│   ├─ ICMP flood          → ICMP/s counter (>100/s = MEDIUM)
│   ├─ Malicious port      → known C2/backdoor ports
│   ├─ Payload patterns    → SQL, XSS, shellcode signatures
│   └─ Host spread         → unique dest IPs per source
├─ 5. Risk scoring         → decay-weighted continuous score
├─ 6. Auto-mitigation      → CRITICAL → block, HIGH → quarantine
└─ 7. Statistics + logging
```
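Steps 4 to 6 of the pipeline (flood counters, decay-weighted per-IP score, auto-mitigation) as an added Python example; this is not the project's own code. The SYN/UDP/ICMP thresholds are the ones listed above, while `RiskScorer`, the 30 s half-life, the severity weights and the CRITICAL/HIGH score bands are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Rate thresholds are the ones in the pipeline above; the half-life, severity
# weights and risk bands are assumptions for this example, not project values.
THRESHOLDS = {"SYN": (500, "HIGH"), "UDP": (1000, "HIGH"), "ICMP": (100, "MEDIUM")}
WEIGHTS = {"HIGH": 90.0, "MEDIUM": 30.0}
SCORE_MAX, HALF_LIFE_S = 200.0, 30.0
BANDS = [(150.0, "CRITICAL", "block"), (80.0, "HIGH", "quarantine")]

@dataclass
class IpState:
    score: float = 0.0          # decayed continuous risk score, 0..SCORE_MAX
    last_seen: float = 0.0      # timestamp the score was last decayed to
    window_start: float = 0.0   # start of the current one-second counting window
    counts: dict = field(default_factory=dict)  # packets per kind in the window
    flagged: set = field(default_factory=set)   # kinds already scored this window

class RiskScorer:
    """Per-source-IP decay-weighted risk score with auto-mitigation bands."""

    def __init__(self):
        self.state = defaultdict(IpState)

    def _decay(self, st, now):
        # Exponential decay: a 30 s old burst counts half as much as a fresh one.
        st.score *= 0.5 ** ((now - st.last_seen) / HALF_LIFE_S)
        st.last_seen = now

    def observe(self, src_ip, kind, now):
        """Record one packet of `kind` ('SYN', 'UDP' or 'ICMP') seen at time `now`."""
        st = self.state[src_ip]
        self._decay(st, now)
        if now - st.window_start >= 1.0:        # roll over to a new one-second window
            st.window_start, st.counts, st.flagged = now, {}, set()
        st.counts[kind] = st.counts.get(kind, 0) + 1
        limit, severity = THRESHOLDS.get(kind, (None, None))
        # Score a flood once per window, the moment its rate crosses the threshold.
        if limit is not None and st.counts[kind] > limit and kind not in st.flagged:
            st.flagged.add(kind)
            st.score = min(SCORE_MAX, st.score + WEIGHTS[severity])
        return self.decide(src_ip, now)

    def decide(self, src_ip, now):
        """Map the IP's decayed score to (risk_level, action) for auto-mitigation."""
        st = self.state[src_ip]
        self._decay(st, now)
        for floor, level, action in BANDS:
            if st.score >= floor:
                return level, action
        return "LOW", "pass"
```

Because the score decays rather than resets, a source that floods SYN, pauses, then floods UDP crosses into CRITICAL on the second burst, while a source that goes quiet drifts back to LOW on its own.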
## ✦ Rule Types
| Type | Example Value | Use Case |
|---|---|---|
| `ip_block` | `185.220.101.1` | Block a single IP |
| `ip_allow` | `10.0.0.5` | Whitelist a trusted host |
| `port_block` | `4444` | Block a malicious port |
| `port_allow` | `443` | Explicitly allow HTTPS |
| `proto_block` | `UDP` | Drop all UDP traffic |
| `cidr_block` | `185.220.0.0/16` | Block a subnet |
| `cidr_allow` | `192.168.0.0/16` | LAN allowlist |
| `domain_block` | `malware.com` | Block by domain (auto-resolved) |
| `country_block` | `CN` | *(future)* Country-level block via GeoIP |
| `payload_filter` | `DROP TABLE` | Keyword payload match |
| `rate_limit` | `100` | *(future)* Packets/s limit per IP |
| `time_based` | `00:00-06:00` | *(future)* Time-window rule |
| `custom` | `192.168.1.1:80` | IP:Port combined rule |
## ✦ Installation
### System Requirements
- Windows 10/11 (64-bit)
- Python 3.10+
- Administrator privileges (for WinDivert capture)
### Steps
```
# Clone / download the project
cd NexusFirewall
# Install dependencies
pip install -r requirements.txt
# Run as administrator
python main.py
```
## ✦ UI Tabs
| Tab | Contents |
|---|---|
| **Dashboard** | Live PPS chart, protocol bars, threat gauge, top talkers, recent threats |
| **Live Traffic** | Scrolling packet table with filter bar, proto/action filters, context menu |
| **Rule Engine** | Full rule table, priority editor, add/remove/toggle/export |
| **Threat Intel** | Threat event log, IP risk lookup, auto-blocked IP list |
| **Domain Filter** | Blocked domain table, quick-add form, preset block lists |
| **System Logs** | Color-coded log stream filterable by level and search term |
## ✦ Keyboard Shortcuts (Planned)
| Key | Action |
|---|---|
| `F5` | Start firewall |
| `F6` | Stop firewall |
| `Ctrl+F` | Focus filter bar |
| `Del` | Delete selected rule |
## ✦ Legal Notice
This software is intended for **network administrators and security professionals** to protect systems they own or are explicitly authorized to monitor. Unauthorized interception of network traffic may be illegal in your jurisdiction. Use it responsibly.
*NexusFirewall v2.0 · Built with PyQt5 · MIT License*
Tags: CISA project, DDoS protection, PyDivert, PyQt, Python, SQL injection defense, TCP/UDP protocols, WinDivert, Windows firewall, XSS defense, code injection, military-grade UI, military-style interface, packet inspection, threat intelligence, password management, developer tools, malware protection, plugin system, packet filtering, no backdoor, desktop application, traffic monitoring, pentest defense, port scan detection, network security, network traffic analysis, network defense system, reverse engineering tools, firewall, privacy protection, risk scoring