fw-daemon

Commit Graph

Author	SHA1	Message	Date
shw	2e7b7debeb	Incorporated TLSGuard and turned it on by default for all outbound SOCKS5 connections. Fixed display of nil IPs (when only hostname is passed via SOCKS5 connect).	8 years ago
shw	f945481c2e	Should solve a (newly introduced) intermittent crash issue with fw-settings.	8 years ago
shw	27d0a4809d	Updated SOCKS5 connection lookup code now correctly identifies originating process. Includes code to read internal proxy state information from (updated) oz-daemon.	8 years ago
shw	acf62b63d1	Changed SOCKS/Tor credential randomization so it only occurs if username and password are empty.	8 years ago
shw	de4f6ac206	SOCKS/Tor credential randomization to force new circuits with each outbound connection.	8 years ago
shw	604c157a7b	Fixed Firewall prompt popup dialog width problem.	8 years ago
shw	515c4eb3ee	Squashed (some) noisy debug output.	8 years ago
shw	0f2b2413ea	Added per-process (ephemeral) rule support. (proc coroner now has support for multiple callbacks)	8 years ago
shw	af874c7395	Added support for AAAA records to DNS cache for IPv6 addressing.	8 years ago
shw	8546f6c416	Working (but not intensively tested) IPv6 support!	8 years ago
shw	5f5042fed4	Very noisy, experimental support for asynchronous multi-rule firewall prompting. Fixed prompted rule removal bug in fw-prompt.	8 years ago
shw	3319802a80	Lots of assorted cleanup. Much better code for detecting if a rule being edited is valid. fw-prompt window now forces itself to be on top if a rule is pending approval. Matching by user/uid and group/gid options now visible but not functional.	8 years ago
shw	aba795fa97	Lots of work to establish basic support for approving/denying rules. Updated gotk3 vendor dependency (fixed some bug conditions).	8 years ago
shw	e3833190bf	Created pre-functional replacement GUI for fw-daemon prompter that is independent of gnome-shell.	8 years ago
shw	c3635093fa	Introduced per-process DNS cache segregation for all A records not returned by local resolver. Cached DNS name lookups now failover to global cache only populated by local resolver. Added proc-coroner module for detecting process deaths. procsnitch updated to handle multiple levels of "strictness" (necessary to lookup processes generating certain UDP data).	8 years ago
shw	51c181a881	Full support for multiple protocol types (UDP, ICMP). Cleared up awkward fw-settings/fwprompt GUI language caused by introduction of UDP/ICMP ("connection"-less) rules. fw-daemon automatically passes through all ICMP traffic sent to same address. Added (temporary) rule for passing through all UDP-based DNS server traffic. Updated developers' README documentation.	8 years ago
shw	ea31a28d3a	Added requisite Dbus code so that fw-settings automatically refreshes its rulelist on fw-daemon update. (there is an intermittent bug in here somewhere... seems to be a GTK-related fatal race condition)	8 years ago
shw	f47e23e706	Support for firewall rule matching by uid/gid and/or user/group name value. fw-daemon prompt GUI and fw-settings now include user/uid and group/gid info. sgfw prompt GUI now displays username instead of real name. Fixed bug in parsing IP addresses as CIDR values. sgfw_rules entries can now be commented out. Upgraded bundled go-procsnitch API.	8 years ago
shw	fa70c06af2	CIDR subnet/mask matching support for firewall rules.	8 years ago
shw	1cd25ed699	Added simple regex-based hostname matching for firewall rules.	8 years ago
shw	0708f9127c	Proper logging of all connections denied by firewall. fw-daemon now also forces logging to syslog if launched from a terminal.	8 years ago
shw	e895f204a7	Fixed bug so that system-wide firewall settings match all traffic except sandboxed traffic.	8 years ago
shw	b567e5ce54	oz-init pid mappings are now properly destroyed as these processes exit.	8 years ago
shw	a930fbbce0	Sandboxed process entries in GUI now include sandbox name/ID in display. Removed fatal error when a connection to oz-control socket cannot be established.	8 years ago
shw	ba35abfb46	Name of sandboxed exe returned by procsnitch is now resolved to absolute pathname.	8 years ago
shw	b4ed11261f	Added extra display info for "Sandboxed application" in fw-prompt gnome shell GUI. fw-prompt GUI gracefully displays unknown PIDs and UIDs. Fixed stupid syntax error bug in oz-init PID management code.	8 years ago
shw	7a1851419c	Added support for using fw-daemon on all processes system-wide. Added changes for fw-daemon to check sandboxed processes' oz-init /proc/[pid]/net/tcp with procsnitch. fw-daemon IPC accepts "register-init" command to register new oz-init process instance alerts. fw-daemon also checks for existing oz-init processes on startup. Updated vendor-bundled go-procsnitch to latest dev version that includes findTCPSocketAll().	8 years ago
shw	30482bf15b	Support for wildcard ports in dynamic OZ/fw rules. Modified behavior for source interface-based rules to allow for fallthrough policies.	8 years ago
shw	e1a994169f	Added removeall IPC command for stripping all rules matching a source interface.	8 years ago
shw	670abc5232	Removed code for custom matching of firewall rules.	8 years ago
shw	9069c91606	Garbage dump commit of current progress.	8 years ago
shw	08266cca76	Support for handling network traffic that can't be uncovered with procsnitch.	8 years ago
shw	e3cc00a51f	Readme for testing fw-daemon with bridged traffic.	8 years ago
shw	cadb859dce	Added ephemeral oz sandbox/fw-daemon rules that can be updated via IPC connection. fw-daemon prompter is now updated with source address of originating packet. Fixed bug in decoding DNS data. Packets are dropped properly (by marking and then calling Accept()).	8 years ago
shw	942b0a0c01	Bug fix.	8 years ago
shw	8fe02202de	Very dirty/experimental replacement of nfqueue with native github.com/subgraph/go-nfnetlink package.	8 years ago
shw	4955c6a66b	Added (unused) origin field in firewall gnome-shell UI. Added some instructions.	8 years ago
shw	1e84a6e168	Reincorporated socks5 code. Fixed small but critical bug in rules matching/IP comparison.	8 years ago
xSmurf	3bb8d65ed1	Added fw-settings desktop file	8 years ago
xSmurf	93f561849b	Fixed typos in readme...	8 years ago
xSmurf	383ce5df9b	Added handbook description to the readme, and link to documnetation	8 years ago
xSmurf	90bbc67517	Linting...	8 years ago
xSmurf	02155c44ed	Golint...	8 years ago
xSmurf	c5b8dcb660	Golint..	8 years ago
xSmurf	55ee3ad83d	Golint..	8 years ago
xSmurf	2e6f98e410	FMT...	8 years ago
xSmurf	f750840b23	...	8 years ago
xSmurf	3fac647e1c	Added build info to README...	8 years ago
xSmurf	3d317e9964	moved main...	8 years ago
xSmurf	5d4b38c5b4	Refactor...	8 years ago

1 2 3

141 Commits (2e7b7debebd4f8f8b63fd0fe813ebae030eed861) All Branches Search

141 Commits (2e7b7debebd4f8f8b63fd0fe813ebae030eed861)

All Branches