An eBPF-based DNS blocking tool for Linux that filters outgoing DNS queries at the kernel level. It provides a web UI for managing blocked domains dynamically.
- Kernel-level DNS filtering using eBPF (TCX egress hook)
- Web-based UI for managing blocked domains
- Real-time blocking without system restart
- Supports both IPv4 and IPv6

Requirements:
- Linux kernel 6.6+ (with TCX support)
- Go 1.25+
- clang/LLVM (for compiling eBPF code)
- Root privileges (for attaching eBPF programs)

Commands to install the required dependencies:

Ubuntu/Debian

```bash
sudo apt-get update
sudo apt-get install libbpf-dev clang llvm libelf-dev zlib1g-dev gcc linux-headers
sudo apt update
sudo apt install net-tools
```

Fedora/CentOS/RHEL 8+

```bash
sudo dnf update
sudo dnf install -y libbpf-devel clang llvm elfutils-libelf-devel zlib-devel gcc net-tools bc kernel-devel
```

Clone the repository:

```bash
git clone https://github.com/AahilRafiq/ebpFilter.git
cd ebpFilter
```

Install Go dependencies:

```bash
go mod download
```

Generate eBPF code and build:

```bash
go generate
go build
```

Run with sudo, specifying your network interface:

```bash
sudo ./ebpfocus <interface_name>
```

For example:

```bash
sudo ./ebpfocus eth0
```

Or use the provided script (update the interface name in run.sh first):

```bash
./run.sh
```

The web UI will be available at http://localhost:3000.

- Open http://localhost:3000 in your browser
- Add domains to block using the input field
- Remove domains by clicking on them in the list
- Changes take effect immediately
The blocked domains are persisted in dnslist.txt.
The tool attaches an eBPF program to the network interface's egress path. It inspects outgoing UDP packets on port 53 (DNS) and drops queries for blocked domains before they leave the system.
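
The drop decision described above, modelled in userspace Go as an added example (not the project's eBPF code): it parses the question name out of a raw DNS-over-UDP payload with bounds checks and compares it to a blocklist. `queryName`, `shouldDrop` and `buildQuery` are hypothetical names; exact-match, case-insensitive comparison and letting malformed packets pass are assumptions, not behaviour documented for the tool.

```go
package main

import (
	"fmt"
	"strings"
)

// queryName returns the lowercased first question name of a raw DNS message
// (the UDP payload); ok is false unless it is a well-formed query.
func queryName(msg []byte) (name string, ok bool) {
	if len(msg) < 12 || msg[2]&0x80 != 0 || msg[4]|msg[5] == 0 { // short header, response (QR=1), or QDCOUNT=0
		return "", false
	}
	var labels []string
	for i, total := 12, 0; i < len(msg); {
		n := int(msg[i])
		if n == 0 { // root label ends the name
			return strings.ToLower(strings.Join(labels, ".")), true
		}
		total += n + 1
		// n > 63 also rejects compression pointers (top two bits set).
		if n > 63 || i+1+n > len(msg) || total > 254 {
			return "", false
		}
		labels = append(labels, string(msg[i+1:i+1+n]))
		i += 1 + n
	}
	return "", false // name ran past the end of the packet
}

// shouldDrop is a hypothetical policy: exact match; malformed packets pass.
func shouldDrop(msg []byte, blocked map[string]bool) bool {
	name, ok := queryName(msg)
	return ok && blocked[name]
}

// buildQuery makes a constructed sample query (ID 0x1234, RD set, A/IN).
func buildQuery(name string) []byte {
	msg := []byte{0x12, 0x34, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0}
	for _, l := range strings.Split(name, ".") {
		msg = append(append(msg, byte(len(l))), l...)
	}
	return append(msg, 0, 0, 1, 0, 1)
}

func main() {
	blocked := map[string]bool{"ads.example.com": true}
	fmt.Println(shouldDrop(buildQuery("AdS.Example.COM"), blocked), shouldDrop(buildQuery("example.com"), blocked))
}
```

The description above covers UDP port 53 only, so a check of this shape does not see lookups sent over other transports such as TCP, DoT or DoH.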