Skip to main content Link Menu Expand (external link) Document Search Copy Copied

Bonus guide: Circuit Breaker, a lightning ‘firewall’


Circuit Breaker protects your node from being flooded with HTLCs in what is known as a griefing attack.

Difficulty: Easy

Status: Tested v3

circuit-breaker-tweet


Table of contents

  1. Requirements
  2. Install Go
  3. Install Circuit Breaker
  4. Configuration
  5. First run
  6. Autostart on boot
  7. Upgrade
  8. Uninstall

Requirements

  • LND v0.11+
  • Go v1.13+

Install Go

  • To install Go follow the instructions provided in the bonus guide.

Install Circuit Breaker

  • Create a new user “circuitbreaker” and make it part of the “lnd” group

    $ sudo adduser --disabled-password --gecos "" circuitbreaker
    $ sudo adduser circuitbreaker lnd
    
  • With user “circuitbreaker”, create a symbolic link to the lnd directory, in order for circuitbreaker to be allowed to interact with lnd

    $ sudo su - circuitbreaker
    $ ln -s /data/lnd /home/circuitbreaker/.lnd
    
  • Clone the project and install it

    $ git clone https://github.com/lightningequipment/circuitbreaker.git
    $ cd circuitbreaker
    $ go install
    
  • Make Circuit Breaker executable without having to provide the full path to the Go binary directory

    $ echo 'export PATH=$PATH:/home/circuitbreaker/go/bin' >> /home/circuitbreaker/.bashrc
    $ source /home/circuitbreaker/.bashrc
    

Configuration

A sample configuration file is located at ~/circuitbreaker/circuitbreaker-example.yaml. By default, Circuit Breaker reads its configuration file located at ~/.circuitbreaker/circuitbreaker.yaml.

  • Still with the “circuitbreaker” user, move and rename the sample configuration file to the location expected by Circuit Breaker, then open it

    $ cd ~/
    $ mkdir ~/.circuitbreaker
    $ cp ~/circuitbreaker/circuitbreaker-example.yaml ~/.circuitbreaker/circuitbreaker.yaml
    $ nano .circuitbreaker/circuitbreaker.yaml
    
  • Circuit Breaker suggests 5 maximum pending htlcs, set the number of htlcs that you feel comfortable with in case of a griefing attack

    maxPendingHtlcs: 3
    
  • If you don’t want to use exception groups, uncomment the entire section

    #groups:
     # For two peers, the pending and rate limits are
     # lowered.
       #- maxPendingHtlcs: 2
         #htlcMinInterval: 5s
         #htlcBurstSize: 3
         #peers:
         #- 03901a1fcfbf621245d859fe4b8bfd93c9e8191a93612db3db0efd11af64e226a2
         #- 03670eff2ccfd3a469536d8e3d38825313d266fa3c2d22b1f841beca30414586d0
     
     # A last peer is allowed to have more pending htlcs and no rate limit.
       #- maxPendingHtlcs: 25
         #peers:
         #- 035cb74e3232e98ba6a866c485f1076dca5e42147dc1e3fbf9ea7241d359988e4d
    
  • Once edited, save and exit.


First run

  • Still with user “circuitbreaker”, test if the program works by displaying the version

    $ cd ~/
    $ circuitbreaker --version
    > circuitbreaker version 0.11.1-beta.rc3 commit=
    
  • Display the help menu

    $ circuitbreaker --help
    > NAME:
    > circuitbreaker - A new cli application
    > [...]
    
  • Finally, launch circuitbreaker

    $ circuitbreaker
    $ 2021-12-08T18:33:28.557Z	INFO	Read config file	{"file": "/home/circuitbreaker/.circuitbreaker/circuitbreaker.yaml"}
    $ 2021-12-08T18:33:28.561Z	INFO	CircuitBreaker started
    $ 2021-12-08T18:33:28.561Z	INFO	Hold fee	{"base": 0, "rate": 0, "reporting_interval": "0s"}
    $ 2021-12-08T18:33:28.813Z	INFO	Connected to lnd node	{"pubkey": "YourNodePubkey"}
    $ 2021-12-08T18:33:28.814Z	INFO	Interceptor/notification handlers registered
    $ 2021-12-08T18:33:28.814Z	INFO	Hold fee reporting disabled
    
  • Stop circuitbreaker with Ctrl+C


Autostart on boot

  • Exit the “circuitbreaker” user session back to “admin”

    $ exit
    
  • Create a circuitbreaker systemd service unit with the following content, save and exit

    $ sudo nano /etc/systemd/system/circuitbreaker.service
    
    # RaspiBolt: systemd unit for circuitbreaker
    # /etc/systemd/system/circuitbreaker.service
    
    [Unit]
    Description=Circuit Breaker
    After=lnd.service
    
    [Service]
      
    # Service execution
    ###################
    
    WorkingDirectory=/home/circuitbreaker/circuitbreaker
    ExecStart=/home/circuitbreaker/go/bin/circuitbreaker
    User=circuitbreaker
    Group=circuitbreaker
      
    # Process management
    ####################
      
    Type=simple
    KillMode=process
    TimeoutSec=60
    Restart=always
    RestartSec=60
      
    [Install]
    WantedBy=multi-user.target
    
  • Enable and start the service and check that the status is active

    $ sudo systemctl enable circuitbreaker
    $ sudo systemctl start circuitbreaker
    $ systemctl status circuitbreaker
    > circuitbreaker.service - Circuit Breaker, a lightning firewall
    > Loaded: loaded (/etc/systemd/system/circuitbreaker.service; enabled; vendor preset: enabled)
    > Active: active (running) since Sat 2021-10-30 16:53:04 BST; 6s ago
    > [...]
    
  • Circuit Breaker is now running in the background. To check the live logging output, use the following command

    $ sudo journalctl -f -u circuitbreaker
    

Upgrade

Updating to a new release should be straight-forward, but make sure to check out the release notes first.

  • From user “admin”, stop the service and open a “circuitbreaker” user session

    $ sudo systemctl stop circuitbreaker
    $ sudo su - circuitbreaker
    
  • Fetch the latest GitHub repository information and check out the new release

    $ cd ~/circuitbreaker
    $ git fetch
    $ git checkout master
    $ go install
    $ exit
    
  • Start the service again

    $ sudo systemctl start circuitbreaker
    

Uninstall

If you want to uninstall circuitbreaker

  • With the “root” user, delete the “circuitbreaker” user

    $ userdel -r circuitbreaker
    




« Back: + Lightning