splinter

Unprivileged user packet filtering.

This program redirects TCP connections to other destinations based on the source IP address, an alternative approach to kernel controlled firewalling.

An example configuration:
listen = :8090
default = 0
!www = 127.0.0.1:80

127.0.0.1 = !www
10.0.2.7 = 0
10.0.2.0/24 = !www
The results of some connections:
$ ./splinter -f conf.txt 
2017-04-27 10:53:49 127.0.0.1 -> 127.0.0.1:80
2017-04-27 10:53:51 127.0.0.1 -> 127.0.0.1:80 (2.222s)
2017-04-27 10:54:02 10.0.2.5 -> 127.0.0.1:80
2017-04-27 10:54:04 10.0.2.5 -> 127.0.0.1:80 (2.182s)
2017-04-27 10:54:22 10.0.2.7 -> 0
2017-04-27 10:54:24 10.0.2.6 -> 127.0.0.1:80
2017-04-27 10:54:26 10.0.2.6 -> 127.0.0.1:80 (2.001s)
^C

Get the source: splinter-0.1.0.tar.gz Released under BSD style license.

Run options:
-f (configuration file) (mandatory)
-t (ip) test ip address
-l dump listing
-d daemonize
-e verbose tcp level error messages

While splinter has logging the destination service doesn't see the client IP.

Credit

Splinter is an extension of jumpgate by Patroklos Argyroudis.

Email the author.

Back to my home page.