~speguero/sirubo

Blocks big tech conglomerate outbound network traffic

2a1a8ae readme: clarify motive and name origin

~speguero pushed to ~speguero/sirubo git

8 days ago

a84042f readme: clarify motive and name origin

~speguero pushed to ~speguero/sirubo git

8 days ago
View project feed  
                                 SIRUBO

      ASN prefix (big tech conglomerate) outbound traffic blocker.

------------------------------------------------------------------------

TABLE OF CONTENTS
=================

├── Synopsis
├── Description
├── Requirements
├── Motive
├── Name Origin
├── Install
├── Uninstall
├── Files
│   ├── Programs
│   ├── Configuration Files
│   └── Services
├── Screencaps
└── License


SYNOPSIS
========

sirubo [-c] [-f] [-r] [-s]

  -c    Create firewall ruleset and ruleset persistency service.

  -f    Show cached firewall ruleset.

  -r    Resume enforcement of cached firewall ruleset and enable ruleset
        persistency service.

  -s    Disable cached firewall ruleset and ruleset persistency service.


DESCRIPTION
===========

The sirubo utility is a POSIX shell script that makes use of:

  - Transport-layer packet filtering; in particular, nftables on Linux
    and pf on OpenBSD, to facilitate the rejection of outgoing traffic
    to autonomous system network, or ASN, prefixes (subnets).

  - whois, to perform a query for ASN prefixes (subnets).


REQUIREMENTS
============

  Linux    | OpenBSD
  -----    | -------
  nftables | pf
  whois    | whois
  systemd  |


MOTIVE
======

Preventing passive and nonconsensual telemetry, and the infringement of
one's privacy thereafter, from intrusively inquisitive big tech
conglomerates, such as Meta (Facebook) and Alphabet (Google).


NAME ORIGIN
===========

Dissecting the etymology of sirubo (pronounced as seer-rue-bow), "si"
refers to the silicon chemical symbol of "Si", referencing Silicon Valley.
The word "rubo" derives from the Esperanto language, meaning "trash".


INSTALL
=======

1) Install sirubo:

% sudo make install


2) To illustrate, add the following ASN to /usr/local/etc/sirubo.conf:

AS32934 # Google


3) Create a new firewall ruleset:

% sirubo -c


4) Test your newly created firewall ruleset:

% nc -vw 1 google.com 443

   The command should print a message similar to this:

> nc: connect to google.com (0.0.0.0) port 443 (tcp) failed: Connection
> refused

   This will indicate that your operating system firewall is configured
   to reject all outbound traffic directed at Google's ASN prefixes.


UNINSTALL
=========

1) Within this repository, uninstall sirubo:

% make uninstall

   Or, optionally, uninstall sirubo and delete its configuration files:

% make clean


FILES
=====

  Programs
  --------

  - /usr/local/bin/sirubo
        The utility itself.


  Configuration Files
  -------------------

  - /usr/local/etc/sirubo.conf
        Contains ASNs that you, the user, specify for rejection.

  - /usr/local/etc/sirubo.ruleset
        Contains a cached firewall ruleset.

  - /usr/local/etc/sirubo.ruleset.backup
        Contains a defunct firewall ruleset that is reserved as a backup
        when creating a new ruleset manually or automatically.


  Services
  --------

  - /etc/systemd/system/sirubo.service (Linux)
        A service that facilitates firewall ruleset persistency and
        automatic ruleset updates with every operating system reboot.

  - /etc/rc.d/sirubo (OpenBSD)
        A service that facilitates firewall ruleset persistency and
        automatic ruleset updates with every operating system reboot.


SCREENCAPS
==========

Visit the contrib/ directory for recorded illustrations of this utility
in GIF format.


LICENSE
=======

See the LICENSE file for details.