A kernel-level, proxychains-like tool for per-process traffic redirection on Linux. Built on top of cgroup v2 and eBPF, netleak forces all network traffic from a process and its entire child tree through a specific network interface, completely transparently to the application. A kernel-enforced kill-switch drops every packet instead of falling back to the default route, guaranteeing zero traffic leakage under any failure conditions.

Install from Package

Ubuntu/Debian

Download the .deb package from the latest release and install it:

curl -LO https://github.com/MuriloChianfa/netleak/releases/download/v1.1.0/netleak_1.1.0_amd64.deb
sudo dpkg -i netleak_1.1.0_amd64.deb

Fedora/RHEL/Rocky/AlmaLinux

Download the .rpm package from the latest release and install it:

curl -LO https://github.com/MuriloChianfa/netleak/releases/download/v1.1.0/netleak-1.1.0-1.x86_64.rpm
sudo rpm -i netleak-1.1.0-1.x86_64.rpm

Or Build & Install from Source

Ubuntu/Debian

# Install build dependencies
sudo apt update
sudo apt install -y clang llvm libbpf-dev libelf-dev make golang

# Clone and build
git clone https://github.com/MuriloChianfa/netleak.git
cd netleak
make

Fedora/RHEL/Rocky Linux

# Install build dependencies
sudo dnf install -y clang llvm libbpf-devel elfutils-libelf-devel make golang

# Clone and build
git clone https://github.com/MuriloChianfa/netleak.git
cd netleak
make

Usage

sudo netleak <interface> <command> [args...]

Examples

Route curl through a specific interface:

sudo netleak ppp0 curl ifconfig.me

Run a shell with all traffic going through a given interface:

sudo netleak wg0 bash

Important

Everything launched from that shell (and its children*), will have traffic routed through wg0.

Security

For details on reporting vulnerabilities and our security practices, see the Security Policy.

License

The eBPF/C source code is licensed under GPL-3.0-only (LICENSE-GPL).

The Go source code is licensed under MIT (LICENSE).