shw
2e7b7debeb
Incorporated TLSGuard and turned it on by default for all outbound SOCKS5 connections.
...
Fixed display of nil IPs (when only hostname is passed via SOCKS5 connect).
8 years ago
shw
f945481c2e
Should solve a (newly introduced) intermittent crash issue with fw-settings.
8 years ago
shw
27d0a4809d
Updated SOCKS5 connection lookup code now correctly identifies originating process.
...
Includes code to read internal proxy state information from (updated) oz-daemon.
8 years ago
shw
acf62b63d1
Changed SOCKS/Tor credential randomization so it only occurs if username and password are empty.
8 years ago
shw
de4f6ac206
SOCKS/Tor credential randomization to force new circuits with each outbound connection.
8 years ago
shw
604c157a7b
Fixed Firewall prompt popup dialog width problem.
8 years ago
shw
515c4eb3ee
Squashed (some) noisy debug output.
8 years ago
shw
0f2b2413ea
Added per-process (ephemeral) rule support.
...
(proc coroner now has support for multiple callbacks)
8 years ago
shw
af874c7395
Added support for AAAA records to DNS cache for IPv6 addressing.
8 years ago
shw
8546f6c416
Working (but not intensively tested) IPv6 support!
8 years ago
shw
5f5042fed4
Very noisy, experimental support for asynchronous multi-rule firewall prompting.
...
Fixed prompted rule removal bug in fw-prompt.
8 years ago
shw
3319802a80
Lots of assorted cleanup.
...
Much better code for detecting if a rule being edited is valid.
fw-prompt window now forces itself to be on top if a rule is pending approval.
Matching by user/uid and group/gid options now visible but not functional.
8 years ago
shw
aba795fa97
Lots of work to establish basic support for approving/denying rules.
...
Updated gotk3 vendor dependency (fixed some bug conditions).
8 years ago
shw
e3833190bf
Created pre-functional replacement GUI for fw-daemon prompter that is independent of gnome-shell.
8 years ago
shw
c3635093fa
Introduced per-process DNS cache segregation for all A records not returned by local resolver.
...
Cached DNS name lookups now fail over to global cache only populated by local resolver.
Added proc-coroner module for detecting process deaths.
procsnitch updated to handle multiple levels of "strictness" (necessary to lookup processes generating certain UDP data).
8 years ago
shw
51c181a881
Full support for multiple protocol types (UDP, ICMP).
...
Cleared up awkward fw-settings/fwprompt GUI language caused by introduction of UDP/ICMP ("connection"-less) rules.
fw-daemon automatically passes through all ICMP traffic sent to same address.
Added (temporary) rule for passing through all UDP-based DNS server traffic.
Updated developers' README documentation.
8 years ago
shw
ea31a28d3a
Added requisite Dbus code so that fw-settings automatically refreshes its rulelist on fw-daemon update.
...
(there is an intermittent bug in here somewhere... seems to be a GTK-related fatal race condition)
8 years ago
shw
f47e23e706
Support for firewall rule matching by uid/gid and/or user/group name value.
...
fw-daemon prompt GUI and fw-settings now include user/uid and group/gid info.
sgfw prompt GUI now displays username instead of real name.
Fixed bug in parsing IP addresses as CIDR values.
sgfw_rules entries can now be commented out.
Upgraded bundled go-procsnitch API.
8 years ago
shw
fa70c06af2
CIDR subnet/mask matching support for firewall rules.
8 years ago
shw
1cd25ed699
Added simple regex-based hostname matching for firewall rules.
8 years ago
shw
0708f9127c
Proper logging of all connections denied by firewall.
...
fw-daemon now also forces logging to syslog if launched from a terminal.
8 years ago
shw
e895f204a7
Fixed bug so that system-wide firewall settings match all traffic except sandboxed traffic.
8 years ago
shw
b567e5ce54
oz-init pid mappings are now properly destroyed as these processes exit.
8 years ago
shw
a930fbbce0
Sandboxed process entries in GUI now include sandbox name/ID in display.
...
Removed fatal error when a connection to oz-control socket cannot be established.
8 years ago
shw
ba35abfb46
Name of sandboxed exe returned by procsnitch is now resolved to absolute pathname.
8 years ago
shw
b4ed11261f
Added extra display info for "Sandboxed application" in fw-prompt gnome shell GUI.
...
fw-prompt GUI gracefully displays unknown PIDs and UIDs.
Fixed stupid syntax error bug in oz-init PID management code.
8 years ago
shw
7a1851419c
Added support for using fw-daemon on all processes system-wide.
...
Added changes for fw-daemon to check sandboxed processes' oz-init /proc/[pid]/net/tcp with procsnitch.
fw-daemon IPC accepts "register-init" command to register new oz-init process instance alerts.
fw-daemon also checks for existing oz-init processes on startup.
Updated vendor-bundled go-procsnitch to latest dev version that includes findTCPSocketAll().
8 years ago
shw
30482bf15b
Support for wildcard ports in dynamic OZ/fw rules.
...
Modified behavior for source interface-based rules to allow for fallthrough policies.
8 years ago
shw
e1a994169f
Added removeall IPC command for stripping all rules matching a source interface.
8 years ago
shw
670abc5232
Removed code for custom matching of firewall rules.
8 years ago
shw
9069c91606
Garbage dump commit of current progress.
8 years ago
shw
08266cca76
Support for handling network traffic that can't be uncovered with procsnitch.
8 years ago
shw
e3cc00a51f
Readme for testing fw-daemon with bridged traffic.
8 years ago
shw
cadb859dce
Added ephemeral oz sandbox/fw-daemon rules that can be updated via IPC connection.
...
fw-daemon prompter is now updated with source address of originating packet.
Fixed bug in decoding DNS data.
Packets are dropped properly (by marking and then calling Accept()).
8 years ago
shw
942b0a0c01
Bug fix.
8 years ago
shw
8fe02202de
Very dirty/experimental replacement of nfqueue with native github.com/subgraph/go-nfnetlink package.
8 years ago
shw
4955c6a66b
Added (unused) origin field in firewall gnome-shell UI.
...
Added some instructions.
8 years ago
shw
1e84a6e168
Reincorporated socks5 code.
...
Fixed small but critical bug in rules matching/IP comparison.
8 years ago
xSmurf
3bb8d65ed1
Added fw-settings desktop file
8 years ago
xSmurf
93f561849b
Fixed typos in readme...
8 years ago
xSmurf
383ce5df9b
Added handbook description to the readme, and link to documentation
8 years ago
xSmurf
90bbc67517
Linting...
8 years ago
xSmurf
02155c44ed
Golint...
8 years ago
xSmurf
c5b8dcb660
Golint..
8 years ago
xSmurf
55ee3ad83d
Golint..
8 years ago
xSmurf
2e6f98e410
FMT...
8 years ago
xSmurf
f750840b23
...
8 years ago
xSmurf
3fac647e1c
Added build info to README...
8 years ago
xSmurf
3d317e9964
moved main...
8 years ago
xSmurf
5d4b38c5b4
Refactor...
8 years ago