dma  5a755a04e8  8 years ago
    Change path of oz socket

dma  7b5a0ed980  8 years ago
    Bug fixes, cleanup, improvement

dma  d2ff760197  8 years ago
    Patch up IPC

dma  a65c268dbf  8 years ago
    Change default for non-sandboxed connections.

dma  f3f5414fd4  8 years ago
    Support for TLSGuard in prompter

dma  9ff74569f3  8 years ago
    Add Sandbox to procsnitch Info struct

dma  ae8f6d96ba  8 years ago
    Fix rule evaluation of outgoing connections emerging from sandbox proxy ports

dma  d0e5a97a53  8 years ago
    Fixing process identification for UDP packets (still WIP)

dma  a89f8118bf  8 years ago
    Fix rule parsing, still working on this

dma  e8f5001483  8 years ago
    Updated procsnitch

dma  6cdb400d32  8 years ago
    Fix bugs related to parsing rules file and saving rules file

User  14e1f99b03  8 years ago
    Loosen match on UDP socket lookup (still WIP)

shw  2e7b7debeb  9 years ago
    Incorporated TLSGuard and turned it on by default for all outbound SOCKS5 connections.
    Fixed display of nil IPs (when only hostname is passed via SOCKS5 connect).

shw  f945481c2e  9 years ago
    Should solve a (newly introduced) intermittent crash issue with fw-settings.

shw  27d0a4809d  9 years ago
    Updated SOCKS5 connection lookup code now correctly identifies originating process.
    Includes code to read internal proxy state information from (updated) oz-daemon.

shw  acf62b63d1  9 years ago
    Changed SOCKS/Tor credential randomization so it only occurs if username and password are empty.

shw  de4f6ac206  9 years ago
    SOCKS/Tor credential randomization to force new circuits with each outbound connection.

shw  604c157a7b  9 years ago
    Fixed Firewall prompt popup dialog width problem.

shw  515c4eb3ee  9 years ago
    Squashed (some) noisy debug output.

shw  0f2b2413ea  9 years ago
    Added per-process (ephemeral) rule support.
    (proc coroner now has support for multiple callbacks)

shw  af874c7395  9 years ago
    Added support for AAAA records to DNS cache for IPv6 addressing.

shw  8546f6c416  9 years ago
    Working (but not intensively tested) IPv6 support!

shw  5f5042fed4  9 years ago
    Very noisy, experimental support for asynchronous multi-rule firewall prompting.
    Fixed prompted rule removal bug in fw-prompt.

shw  3319802a80  9 years ago
    Lots of assorted cleanup.
    Much better code for detecting if a rule being edited is valid.
    fw-prompt window now forces itself to be on top if a rule is pending approval.
    Matching by user/uid and group/gid options now visible but not functional.

shw  aba795fa97  9 years ago
    Lots of work to establish basic support for approving/denying rules.
    Updated gotk3 vendor dependency (fixed some bug conditions).

shw  e3833190bf  9 years ago
    Created pre-functional replacement GUI for fw-daemon prompter that is independent of gnome-shell.

shw  c3635093fa  9 years ago
    Introduced per-process DNS cache segregation for all A records not returned by local resolver.
    Cached DNS name lookups now failover to global cache only populated by local resolver.
    Added proc-coroner module for detecting process deaths.
    procsnitch updated to handle multiple levels of "strictness" (necessary to lookup processes generating certain UDP data).

shw  51c181a881  9 years ago
    Full support for multiple protocol types (UDP, ICMP).
    Cleared up awkward fw-settings/fwprompt GUI language caused by introduction of UDP/ICMP ("connection"-less) rules.
    fw-daemon automatically passes through all ICMP traffic sent to same address.
    Added (temporary) rule for passing through all UDP-based DNS server traffic.
    Updated developers' README documentation.

shw  ea31a28d3a  9 years ago
    Added requisite Dbus code so that fw-settings automatically refreshes its rulelist on fw-daemon update.
    (there is an intermittent bug in here somewhere... seems to be a GTK-related fatal race condition)

shw  f47e23e706  9 years ago
    Support for firewall rule matching by uid/gid and/or user/group name value.
    fw-daemon prompt GUI and fw-settings now include user/uid and group/gid info.
    sgfw prompt GUI now displays username instead of real name.
    Fixed bug in parsing IP addresses as CIDR values.
    sgfw_rules entries can now be commented out.
    Upgraded bundled go-procsnitch API.

shw  fa70c06af2  9 years ago
    CIDR subnet/mask matching support for firewall rules.

shw  1cd25ed699  9 years ago
    Added simple regex-based hostname matching for firewall rules.

shw  0708f9127c  9 years ago
    Proper logging of all connections denied by firewall.
    fw-daemon now also forces logging to syslog if launched from a terminal.

shw  e895f204a7  9 years ago
    Fixed bug so that system-wide firewall settings match all traffic except sandboxed traffic.

shw  b567e5ce54  9 years ago
    oz-init pid mappings are now properly destroyed as these processes exit.

shw  a930fbbce0  9 years ago
    Sandboxed process entries in GUI now include sandbox name/ID in display.
    Removed fatal error when a connection to oz-control socket cannot be established.

shw  ba35abfb46  9 years ago
    Name of sandboxed exe returned by procsnitch is now resolved to absolute pathname.

shw  b4ed11261f  9 years ago
    Added extra display info for "Sandboxed application" in fw-prompt gnome shell GUI.
    fw-prompt GUI gracefully displays unknown PIDs and UIDs.
    Fixed stupid syntax error bug in oz-init PID management code.

shw  7a1851419c  9 years ago
    Added support for using fw-daemon on all processes system-wide.
    Added changes for fw-daemon to check sandboxed processes' oz-init /proc/[pid]/net/tcp with procsnitch.
    fw-daemon IPC accepts "register-init" command to register new oz-init process instance alerts.
    fw-daemon also checks for existing oz-init processes on startup.
    Updated vendor-bundled go-procsnitch to latest dev version that includes findTCPSocketAll().

shw  30482bf15b  9 years ago
    Support for wildcard ports in dynamic OZ/fw rules.
    Modified behavior for source interface-based rules to allow for fallthrough policies.

shw  e1a994169f  9 years ago
    Added removeall IPC command for stripping all rules matching a source interface.

shw  670abc5232  9 years ago
    Removed code for custom matching of firewall rules.

shw  9069c91606  9 years ago
    Garbage dump commit of current progress.

shw  08266cca76  9 years ago
    Support for handling network traffic that can't be uncovered with procsnitch.

shw  e3cc00a51f  9 years ago
    Readme for testing fw-daemon with bridged traffic.

shw  cadb859dce  9 years ago
    Added ephemeral oz sandbox/fw-daemon rules that can be updated via IPC connection.
    fw-daemon prompter is now updated with source address of originating packet.
    Fixed bug in decoding DNS data.
    Packets are dropped properly (by marking and then calling Accept()).

shw  942b0a0c01  9 years ago
    Bug fix.

shw  8fe02202de  9 years ago
    Very dirty/experimental replacement of nfqueue with native github.com/subgraph/go-nfnetlink package.

shw  4955c6a66b  9 years ago
    Added (unused) origin field in firewall gnome-shell UI.
    Added some instructions.

shw  1e84a6e168  9 years ago
    Reincorporated socks5 code.
    Fixed small but critical bug in rules matching/IP comparison.