Linux ARP (TCP / UDP / ICMP) Firewall Automatic Controller
Current Version: 2.4.3
Current Version Change log:
- Added option to choose whether to delete the installer file after installation
- Fixed arptables detection errors on some Linux distributions
- Fixed some bugs that is unnoticeable 😀
- Use a class to control network interfaces individually
- Added installation wizard for avalon framework when not installed. supports 3 methods of automatic installation
- Added arptables detection and installation wizard
- Added enable / disable / start option
What is SCUTUM?
Long story short, ARP firewall. It automatically adds gateways to the whitelist on connect and blocks everthing else to avoid potential threat.
SCUTUM is an ARP firewall that prevents your computer from being ARP-spoofed by other computers on LAN. SCUTUM controls “arptables” in your computer so it accepts ARP packets only from the gateway. This way, when people with malicious intentions cannot spoof your arp table. SCUTUM also prevents other people from detecting your device on LAN if SCUTUM is used with properly configured TCP/UDP firewall.
SCUTUM is also capable of handling tcp/udp/icmp traffic with iptables. You can choose to enable this feature during installation. However, a more professional firewall controller like UFW is recommended. They can handle traffic with more precision.
Usage & Installation
You should run a installation before running it for the first time for setting up configuration files. I am not sure if portable version is necessary. If you think this should be changed, raise an issue and I will change it.
[php]git clone https://github.com/K4YT3X/SCUTUM.git
sudo python3 scutum.py –install # scutum.py deletes itself after installation
rm -rf SCUTUM/[/php]
This should be easy SCUTUM starts automatically by itself after installation
$ sudo scutum # Start SCUTUM Normally $ sudo scutum --start # Start SCUTUM Manually for once even it it's disabled $ sudo scutum --enable # Enable SCUTUM (Start automatically on connect) $ sudo scutum --disable # Disable SCUTUM (Don't start automatically on connect) $ sudo scutum --reset # Reset SCUTUM (Allow ALL ARP packages temporarily) $ sudo scutum --purgelog # Purge SCUTUM logs $ sudo scutum --install # Run scutum installation wizard and install SCUTUM into system $ sudo scutum --uninstall # Remove SCUTUM from system completely
- Connect to Wi-Fi
- Accept all ARP packets
- Cache gateway MAC address by establishing a socket connection with a timeout of 0
- Add Gateway MAC to exception
- DROP all ARP packets
- Accept all ARP packets