Tempesta FW is a hybrid solution which combines reverse proxy and firewall at the same time. It accelerates Web applications and provide high performance framework with access to all network layers for running complex network traffic classification and blocking modules.
Tempesta FW is built on top of Synchronous Sockets, a library for Linux kernel which provides better and more stable performance characteristics in comparison with common Socket API and even kernel sockets.
Tempesta requires following Linux kernel configuration options to be switched on:
- CONFIG_SECURITY
- CONFIG_SECURITY_NETWORK
- CONFIG_NETLINK_MMAP
Tempesta DB user-space libarary requires netlink mmap defined in standard headers, so preferably Linux distribution should have native 3.10 kernel. Currently CentOS 7 is shipped with appropriate kernel.
To build the module you need to do following steps:
- Patch Linux kernel 3.10.10 with linux-3.10.10.patch
- Build and load the kernel
- Just run make to build Synchronous Sockets, Tempesta DB and Tempesta FW modules
Add NORMALIZATION=1 as an argument to make to build Tempesta with HTTP normalization logic.
$ ./tempesta.sh start
$ ./tempesta.sh stop
Tempesta is configured via plain-text configuration file.
The file location is determined by the TFW_CFG_PATH
environment variable:
$ TFW_CFG_PATH="/opt/tempesta.conf" ./tempesta.sh start
By default, the tempesta_fw.conf
from this directory is used.
See tempesta_fw.conf
for the list of available options and their descriptions.