Commit Graph

76 Commits (372cc52f2af1e752dfc3cfebbb8d3824d43bc74b)

Author SHA1 Message Date
dma a3e38de6e5 Reduce log noise + honor log redact config option
7 years ago
dma 139c4a08b8 Fixes https://github.com/subgraph/fw-daemon/issues/52 + redacts logs per config
7 years ago
dma 71c17675f5 TLSGuard working again, needs clean-up and testing
7 years ago
xSmurf 00aa12f140 FMT'ing some more log output...
7 years ago
xSmurf bfa28d89da Fmt'ing some log outputs...
7 years ago
dma 7c657b9f53 Fix sandbox rule evaluation from policy file bug after fw-daemon start
7 years ago
xSmurf 972f733b63 fmt..
7 years ago
dma 7d3e31a005 Read more TLS messages during handshake
7 years ago
dma 38fabc3327 Apply rules contextually by policy defined sandbox
7 years ago
dma c395ad85f8 Fix dumb bug where sgfw accepting DNS packet before passing to DNS processor
7 years ago
xSmurf 970a4c9cee Fixed rule mode in getString and save methods...
7 years ago
xSmurf c01894f35c fmt..
7 years ago
Stephen Watt 8054062418 More checks in SGFW prompt GUI to prevent accidental startup race/panic condition.
7 years ago
Stephen Watt e3ab56486b Upgraded standalone fw-prompt for DBus compatibility with new fw-daemon.
7 years ago
Stephen Watt a3fa1b1285 Slightly kludgy workaround for gtk-3.20 dependence in gtk-3.18 builds.
7 years ago
dma 92276eed47 fmt
7 years ago
dma 5f454f2c6b Remove debug output
7 years ago
dma 2869f15ba1 Remove hack + debug output because of fix in af1a925b11
7 years ago
dma af1a925b11 Fix bug where sometimes not all of /proc/net/tcp is read
7 years ago
xSmurf 119344dbfc Settings: adding sandbox and allow tls to rule edit...
7 years ago
dma ef9a0a22c2 Make log more sublogmon friendly
7 years ago
dma ed8c254404 Add TLSGuard to SOCKS5 filter clients not coming from oz-daemon
7 years ago
dma e7a803f84f Temporary workaround
7 years ago
dma 9ac3c3fa92 Temporary workaround to drop connections from the sandbox manager that we can't further identify.
7 years ago
xSmurf 755e0088c5 typo and fmt...
7 years ago
xSmurf 6e6e265fae Fmt..
7 years ago
dma 68e6d57c9b Remove bad deps, fix exec erroneous path truncation for processes outside of oz
7 years ago
dma 6d6c3c26ff move sgfw socks config location
7 years ago
dma dafec55bc7 Fixed bug with prompt rule / saved rule mismatch on SOCKS connects
7 years ago
dma 5a755a04e8 Change path of oz socket
7 years ago
dma 7b5a0ed980 Bug fixes, cleanup, improvement
7 years ago
dma d2ff760197 Patch up IPC
7 years ago
dma f3f5414fd4 Support for TLSGuard in prompter
7 years ago
dma ae8f6d96ba Fix rule evaluation of outgoing connections emerging from sandbox proxy ports
7 years ago
dma a89f8118bf Fix rule parsing, still working on this
7 years ago
dma 6cdb400d32 Fix bugs related to parsing rules file and saving rules file
7 years ago
User 14e1f99b03 Loosen match on UDP socket lookup (still WIP)
7 years ago
shw 2e7b7debeb Incorporated TLSGuard and turned it on by default for all outbound SOCKS5 connections.
8 years ago
shw 27d0a4809d Updated SOCKS5 connection lookup code now correctly identifies originating process.
8 years ago
shw acf62b63d1 Changed SOCKS/Tor credential randomization so it only occurs if username and password are empty.
8 years ago
shw de4f6ac206 SOCKS/Tor credential randomization to force new circuits with each outbound connection.
8 years ago
shw 515c4eb3ee Squashed (some) noisy debug output.
8 years ago
shw 0f2b2413ea Added per-process (ephemeral) rule support.
8 years ago
shw af874c7395 Added support for AAAA records to DNS cache for IPv6 addressing.
8 years ago
shw 8546f6c416 Working (but not intensively tested) IPv6 support!
8 years ago
shw 5f5042fed4 Very noisy, experimental support for asynchronous multi-rule firewall prompting.
8 years ago
shw c3635093fa Introduced per-process DNS cache segregation for all A records not returned by local resolver.
8 years ago
shw 51c181a881 Full support for multiple protocol types (UDP, ICMP).
8 years ago
shw ea31a28d3a Added requisite Dbus code so that fw-settings automatically refreshes its rulelist on fw-daemon update.
8 years ago
shw f47e23e706 Support for firewall rule matching by uid/gid and/or user/group name value.
8 years ago