fw-daemon

Commit Graph

Author	SHA1	Message	Date
shw	c3635093fa	Introduced per-process DNS cache segregation for all A records not returned by local resolver. Cached DNS name lookups now failover to global cache only populated by local resolver. Added proc-coroner module for detecting process deaths. procsnitch updated to handle multiple levels of "strictness" (necessary to lookup processes generating certain UDP data).	9 years ago
shw	51c181a881	Full support for multiple protocol types (UDP, ICMP). Cleared up awkward fw-settings/fwprompt GUI language caused by introduction of UDP/ICMP ("connection"-less) rules. fw-daemon automatically passes through all ICMP traffic sent to same address. Added (temporary) rule for passing through all UDP-based DNS server traffic. Updated developers' README documentation.	9 years ago
shw	ea31a28d3a	Added requisite Dbus code so that fw-settings automatically refreshes its rulelist on fw-daemon update. (there is an intermittent bug in here somewhere... seems to be a GTK-related fatal race condition)	9 years ago
shw	f47e23e706	Support for firewall rule matching by uid/gid and/or user/group name value. fw-daemon prompt GUI and fw-settings now include user/uid and group/gid info. sgfw prompt GUI now displays username instead of real name. Fixed bug in parsing IP addresses as CIDR values. sgfw_rules entries can now be commented out. Upgraded bundled go-procsnitch API.	9 years ago
shw	fa70c06af2	CIDR subnet/mask matching support for firewall rules.	9 years ago
shw	1cd25ed699	Added simple regex-based hostname matching for firewall rules.	9 years ago
shw	0708f9127c	Proper logging of all connections denied by firewall. fw-daemon now also forces logging to syslog if launched from a terminal.	9 years ago
shw	e895f204a7	Fixed bug so that system-wide firewall settings match all traffic except sandboxed traffic.	9 years ago
shw	b567e5ce54	oz-init pid mappings are now properly destroyed as these processes exit.	9 years ago
shw	a930fbbce0	Sandboxed process entries in GUI now include sandbox name/ID in display. Removed fatal error when a connection to oz-control socket cannot be established.	9 years ago
shw	ba35abfb46	Name of sandboxed exe returned by procsnitch is now resolved to absolute pathname.	9 years ago
shw	b4ed11261f	Added extra display info for "Sandboxed application" in fw-prompt gnome shell GUI. fw-prompt GUI gracefully displays unknown PIDs and UIDs. Fixed stupid syntax error bug in oz-init PID management code.	9 years ago
shw	7a1851419c	Added support for using fw-daemon on all processes system-wide. Added changes for fw-daemon to check sandboxed processes' oz-init /proc/[pid]/net/tcp with procsnitch. fw-daemon IPC accepts "register-init" command to register new oz-init process instance alerts. fw-daemon also checks for existing oz-init processes on startup. Updated vendor-bundled go-procsnitch to latest dev version that includes findTCPSocketAll().	9 years ago
shw	30482bf15b	Support for wildcard ports in dynamic OZ/fw rules. Modified behavior for source interface-based rules to allow for fallthrough policies.	9 years ago
shw	e1a994169f	Added removeall IPC command for stripping all rules matching a source interface.	9 years ago
shw	670abc5232	Removed code for custom matching of firewall rules.	9 years ago
shw	9069c91606	Garbage dump commit of current progress.	9 years ago
shw	08266cca76	Support for handling network traffic that can't be uncovered with procsnitch.	9 years ago
shw	cadb859dce	Added ephemeral oz sandbox/fw-daemon rules that can be updated via IPC connection. fw-daemon prompter is now updated with source address of originating packet. Fixed bug in decoding DNS data. Packets are dropped properly (by marking and then calling Accept()).	9 years ago
shw	942b0a0c01	Bug fix.	9 years ago
shw	8fe02202de	Very dirty/experimental replacement of nfqueue with native github.com/subgraph/go-nfnetlink package.	9 years ago
shw	4955c6a66b	Added (unused) origin field in firewall gnome-shell UI. Added some instructions.	9 years ago
shw	1e84a6e168	Reincorporated socks5 code. Fixed small but critical bug in rules matching/IP comparison.	9 years ago
xSmurf	90bbc67517	Linting...	10 years ago
xSmurf	02155c44ed	Golint...	10 years ago
xSmurf	c5b8dcb660	Golint..	10 years ago
xSmurf	2e6f98e410	FMT...	10 years ago
xSmurf	5d4b38c5b4	Refactor...	10 years ago
xSmurf	4b632fb6f2	Moved fw-daemon to command/lib	10 years ago
xSmurf	9c8f5895ca	Moved all to sgfw	10 years ago

30 Commits (3319802a80c723cbf460c5a4c93e1faf87d3c86c)