fw-daemon

JavaScript error: Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' http: https: data: blob: 'unsafe-inline'". (https://git.lalonde.me/assets/js/index.js?v=1.18.3 @ 19:71758). Open browser console to see more details.

Commit Graph

Author	SHA1	Message	Date
Stephen Watt	71ee1964f4	Very messy experimental extensions to TLSGuard to strip out sessions and TLS extensions in the handshake protocol.	8 years ago
Stephen Watt	ff8be65566	Added connection timestamps to firewall prompting. Disabled old synchronous RequestPrompt Dbus method in fw-prompt. fw-prompt GUI now (as originally) remains above other windows when there are pending decisions. Fixed improper traversal of pending connections in fw-prompt GUI. Consolidated redundant code blocks in fw-prompt GUI.	8 years ago
Stephen Watt	0bda150abc	Various code cleanups (still buggy/WIP). Fixed lock/race condition in fw-prompt; consolidated redundant rule action code. Started fuller TLS implementation in TLSGuard; probably broke a lot of stuff in the process. Removal/reorganization of old/stale/unused code.	8 years ago
Stephen Watt	0d13c7bb9c	WORK IN PROGRESS: New file descriptor monitor thread removes prompt requests if associated socket closes/dies before user reacts. fw-prompt request entries are now properly tethered to their default rule scope included by SGFW. pendingConnection now operates on prompter instead of raw DBus object. Fixed prompter bug in cycling through pending connections. Fixed inadequacies in SGFW rules parsing/error handling. go fmt.	8 years ago
Stephen Watt	2eac4c7dc5	Very experimental/under-dev release of new fully asynchronous multi-prompter. New Dbus method "RequestPromptAsync" to handle "return-less" prompter invocations in fw-prompt. Proper GUI locking in fw-prompt eliminates old race/crash conditions. New DBus method "GetPendingRequests" in SGFW allows prompter to retrieve pending connections. Policies now maintain rulesPending list of unapplied asynchronously submitted FW rules from the prompter. Fixed reentrance/crash bug in UID and GID to name lookups.	8 years ago
Stephen Watt	2f5e10d53d	Merge newest branch changes with latest changes to master.	8 years ago
Stephen Watt	2fc7525cc7	Added new RemovePrompt DBus call to complement RequestPrompt (GUID-based prompt removal). The addition of a rule matching multiple pending connections in fw-prompt now removes all of them. fw-prompter now increments ref# column for identical prompt requests. Fixed/cleaned up/updated TLSGuard code. Added TLSGuard toggle option to fw-prompt GUI (default for SOCKS connections). fw-prompt now displays icon of filtered application. DBus RequestPrompt() now "works" asynchronously. TLSGuard fixed under certain conditions but still very buggy. Fixed some fw-prompt crash conditions with treeview mutex locking. Fixed SOCKS connection panic condition linked to closed channel. Cleanup of unused data structures/values.	8 years ago
Stephen Watt	a8f61a2d4e	Re-sync to master.	8 years ago
dma	e1f48ced94	move	8 years ago
dma	6d6c3c26ff	move sgfw socks config location	8 years ago
dma	ee82803633	move socks config	8 years ago
dma	17e1acc69d	socks config	8 years ago
dma	dafec55bc7	Fixed bug with prompt rule / saved rule mismatch on SOCKS connects	8 years ago
dma	58b7a4f6a9	Update systemd unit file to install /var/run/fw-daemon/ on start	8 years ago
dma	5a755a04e8	Change path of oz socket	8 years ago
dma	7b5a0ed980	Bug fixes, cleanup, improvement	8 years ago
dma	d2ff760197	Patch up IPC	8 years ago
dma	a65c268dbf	Change default for non-sandboxed connections.	8 years ago
dma	f3f5414fd4	Support for TLSGuard in prompter	8 years ago
dma	9ff74569f3	Add Sandbox to procsnitch Info struct	8 years ago
dma	ae8f6d96ba	Fix rule evaluation of outgoing connections emerging from sandbox proxy ports	8 years ago
dma	d0e5a97a53	Fixing process identification for UDP packets (still WIP)	8 years ago
dma	a89f8118bf	Fix rule parsing, still working on this	8 years ago
dma	e8f5001483	Updated procsnitch	8 years ago
dma	6cdb400d32	Fix bugs related to parsing rules file and saving rules file	8 years ago
User	14e1f99b03	Loosen match on UDP socket lookup (still WIP)	8 years ago
shw	2e7b7debeb	Incorporated TLSGuard and turned it on by default for all outbound SOCKS5 connections. Fixed display of nil IPs (when only hostname is passed via SOCKS5 connect).	8 years ago
shw	f945481c2e	Should solve a (newly introduced) intermittent crash issue with fw-settings.	8 years ago
shw	27d0a4809d	Updated SOCKS5 connection lookup code now correctly identifies originating process. Includes code to read internal proxy state information from (updated) oz-daemon.	8 years ago
shw	acf62b63d1	Changed SOCKS/Tor credential randomization so it only occurs if username and password are empty.	8 years ago
shw	de4f6ac206	SOCKS/Tor credential randomization to force new circuits with each outbound connection.	8 years ago
shw	604c157a7b	Fixed Firewall prompt popup dialog width problem.	8 years ago
shw	515c4eb3ee	Squashed (some) noisy debug output.	8 years ago
shw	0f2b2413ea	Added per-process (ephemeral) rule support. (proc coroner now has support for multiple callbacks)	8 years ago
shw	af874c7395	Added support for AAAA records to DNS cache for IPv6 addressing.	8 years ago
shw	8546f6c416	Working (but not intensively tested) IPv6 support!	8 years ago
shw	5f5042fed4	Very noisy, experimental support for asynchronous multi-rule firewall prompting. Fixed prompted rule removal bug in fw-prompt.	8 years ago
shw	3319802a80	Lots of assorted cleanup. Much better code for detecting if a rule being edited is valid. fw-prompt window now forces itself to be on top if a rule is pending approval. Matching by user/uid and group/gid options now visible but not functional.	8 years ago
shw	aba795fa97	Lots of work to establish basic support for approving/denying rules. Updated gotk3 vendor dependency (fixed some bug conditions).	8 years ago
shw	e3833190bf	Created pre-functional replacement GUI for fw-daemon prompter that is independent of gnome-shell.	8 years ago
shw	c3635093fa	Introduced per-process DNS cache segregation for all A records not returned by local resolver. Cached DNS name lookups now failover to global cache only populated by local resolver. Added proc-coroner module for detecting process deaths. procsnitch updated to handle multiple levels of "strictness" (necessary to lookup processes generating certain UDP data).	8 years ago
shw	51c181a881	Full support for multiple protocol types (UDP, ICMP). Cleared up awkward fw-settings/fwprompt GUI language caused by introduction of UDP/ICMP ("connection"-less) rules. fw-daemon automatically passes through all ICMP traffic sent to same address. Added (temporary) rule for passing through all UDP-based DNS server traffic. Updated developers' README documentation.	8 years ago
shw	ea31a28d3a	Added requisite Dbus code so that fw-settings automatically refreshes its rulelist on fw-daemon update. (there is an intermittent bug in here somewhere... seems to be a GTK-related fatal race condition)	8 years ago
shw	f47e23e706	Support for firewall rule matching by uid/gid and/or user/group name value. fw-daemon prompt GUI and fw-settings now include user/uid and group/gid info. sgfw prompt GUI now displays username instead of real name. Fixed bug in parsing IP addresses as CIDR values. sgfw_rules entries can now be commented out. Upgraded bundled go-procsnitch API.	8 years ago
shw	fa70c06af2	CIDR subnet/mask matching support for firewall rules.	8 years ago
shw	1cd25ed699	Added simple regex-based hostname matching for firewall rules.	8 years ago
shw	0708f9127c	Proper logging of all connections denied by firewall. fw-daemon now also forces logging to syslog if launched from a terminal.	8 years ago
shw	e895f204a7	Fixed bug so that system-wide firewall settings match all traffic except sandboxed traffic.	8 years ago
shw	b567e5ce54	oz-init pid mappings are now properly destroyed as these processes exit.	8 years ago
shw	a930fbbce0	Sandboxed process entries in GUI now include sandbox name/ID in display. Removed fatal error when a connection to oz-control socket cannot be established.	8 years ago

1 2 3 4

167 Commits (71ee1964f4ff66e4125a094c0afe6c70d0958751) All Branches Search

167 Commits (71ee1964f4ff66e4125a094c0afe6c70d0958751)

All Branches