OpenGFW is a flexible, easy-to-use, open source implementation of GFW on Linux OpenGFW 是 GFW 在 Linux 上的灵活、易于使用的开源实现
Go to file
Toby 245ac46b65
Merge pull request #130 from apernet/fix-geo-leak
fix: do not reload geoip/geosite when reloading ruleset to prevent leaking references to streams
2024-04-10 22:57:18 -07:00
.github/workflows ci: rework release workflow 2024-04-01 20:54:24 -07:00
analyzer Merge pull request #114 from KujouRinka/feat-openvpn 2024-04-01 20:47:30 -07:00
cmd fix: do not reload geoip/geosite when reloading ruleset to prevent leaking references to streams 2024-04-10 21:30:37 -07:00
docs docs: move to website 2024-03-29 13:06:29 -07:00
engine feat: TCP timeout flush 2024-04-08 11:54:35 -07:00
io feat: added protected dial support, removed multi-IO support for simplicity 2024-04-06 14:42:45 -07:00
modifier first 2024-01-19 16:45:01 -08:00
ruleset fix: do not reload geoip/geosite when reloading ruleset to prevent leaking references to streams 2024-04-10 21:30:37 -07:00
.gitignore docs: move to website 2024-03-29 13:06:29 -07:00
go.mod feat: dns lookup function 2024-04-03 20:02:57 -07:00
go.sum feat: dns lookup function 2024-04-03 20:02:57 -07:00
LICENSE first 2024-01-19 16:45:01 -08:00
main.go first 2024-01-19 16:45:01 -08:00
README.ja.md docs: update readme feature list 2024-04-01 21:49:06 -07:00
README.md docs: update readme feature list 2024-04-01 21:49:06 -07:00
README.zh.md docs: update readme feature list 2024-04-01 21:49:06 -07:00

OpenGFW

Quality check status License

中文文档 日本語ドキュメント

OpenGFW is your very own DIY Great Firewall of China (https://en.wikipedia.org/wiki/Great_Firewall), available as a flexible, easy-to-use open source program on Linux. Why let the powers that be have all the fun? It's time to give power to the people and democratize censorship. Bring the thrill of cyber-sovereignty right into your home router and start filtering like a pro - you too can play Big Brother.

Documentation site: https://gfw.dev/

Telegram group: https://t.me/OpGFW

Caution

This project is still in very early stages of development. Use at your own risk. We are looking for contributors to help us improve and expand the project.

Features

  • Full IP/TCP reassembly, various protocol analyzers
    • HTTP, TLS, QUIC, DNS, SSH, SOCKS4/5, WireGuard, OpenVPN, and many more to come
    • "Fully encrypted traffic" detection for Shadowsocks, VMess, etc. (https://gfw.report/publications/usenixsecurity23/en/)
    • Trojan (proxy protocol) detection
    • [WIP] Machine learning based traffic classification
  • Full IPv4 and IPv6 support
  • Flow-based multicore load balancing
  • Connection offloading
  • Powerful rule engine based on expr
  • Hot-reloadable rules (send SIGHUP to reload)
  • Flexible analyzer & modifier framework
  • Extensible IO implementation (only NFQueue for now)
  • [WIP] Web UI

Use cases

  • Ad blocking
  • Parental control
  • Malware protection
  • Abuse prevention for VPN/proxy services
  • Traffic analysis (log only mode)
  • Help you fulfill your dictatorial ambitions