OpenGFW is a flexible, easy-to-use, open source implementation of GFW on Linux
OpenGFW 是 GFW 在 Linux 上的灵活、易于使用的开源实现
245ac46b65
fix: do not reload geoip/geosite when reloading ruleset to prevent leaking references to streams |
||
|---|---|---|
| .github/workflows | ||
| analyzer | ||
| cmd | ||
| docs | ||
| engine | ||
| io | ||
| modifier | ||
| ruleset | ||
| .gitignore | ||
| LICENSE | ||
| README.ja.md | ||
| README.md | ||
| README.zh.md | ||
| go.mod | ||
| go.sum | ||
| main.go | ||
README.md
OpenGFW is your very own DIY Great Firewall of China (https://en.wikipedia.org/wiki/Great_Firewall), available as a flexible, easy-to-use open source program on Linux. Why let the powers that be have all the fun? It's time to give power to the people and democratize censorship. Bring the thrill of cyber-sovereignty right into your home router and start filtering like a pro - you too can play Big Brother.
Documentation site: https://gfw.dev/
Telegram group: https://t.me/OpGFW
[!CAUTION] This project is still in very early stages of development. Use at your own risk. We are looking for contributors to help us improve and expand the project.
Features
- Full IP/TCP reassembly, various protocol analyzers
- HTTP, TLS, QUIC, DNS, SSH, SOCKS4/5, WireGuard, OpenVPN, and many more to come
- "Fully encrypted traffic" detection for Shadowsocks, VMess, etc. (https://gfw.report/publications/usenixsecurity23/en/)
- Trojan (proxy protocol) detection
- [WIP] Machine learning based traffic classification
- Full IPv4 and IPv6 support
- Flow-based multicore load balancing
- Connection offloading
- Powerful rule engine based on expr
- Hot-reloadable rules (send
SIGHUPto reload) - Flexible analyzer & modifier framework
- Extensible IO implementation (only NFQueue for now)
- [WIP] Web UI
Use cases
- Ad blocking
- Parental control
- Malware protection
- Abuse prevention for VPN/proxy services
- Traffic analysis (log only mode)
- Help you fulfill your dictatorial ambitions