fw-daemon

Commit Graph

Author	SHA1	Message	Date
Stephen Watt	a3fa1b1285	Slightly kludgy workaround for gtk-3.20 dependence in gtk-3.18 builds. Added SGFW_CONF environment variable for overriding default SGFW configuration path. Added SGFW_SOCKS_CONFIG environment variable for overriding default SGFW SOCKS json config file path. Updated readme with information on building outside SGOS.	7 years ago
dma	92276eed47	fmt	7 years ago
dma	5f454f2c6b	Remove debug output	7 years ago
dma	2869f15ba1	Remove hack + debug output because of fix in `af1a925b11`	7 years ago
dma	af1a925b11	Fix bug where sometimes not all of /proc/net/tcp is read	7 years ago
xSmurf	119344dbfc	Settings: adding sandbox and allow tls to rule edit...	7 years ago
dma	ef9a0a22c2	Make log more sublogmon friendly	7 years ago
dma	ed8c254404	Add TLSGuard to SOCKS5 filter clients not coming from oz-daemon	7 years ago
dma	e7a803f84f	Temporary workaround	7 years ago
dma	9ac3c3fa92	Temporary workaround to drop connections from the sandbox manager that we can't further identify.	7 years ago
xSmurf	755e0088c5	typo and fmt...	7 years ago
xSmurf	6e6e265fae	Fmt..	7 years ago
dma	68e6d57c9b	Remove bad deps, fix exec erroneous path truncation for processes outside of oz	7 years ago
dma	6d6c3c26ff	move sgfw socks config location	7 years ago
dma	dafec55bc7	Fixed bug with prompt rule / saved rule mismatch on SOCKS connects	7 years ago
dma	5a755a04e8	Change path of oz socket	7 years ago
dma	7b5a0ed980	Bug fixes, cleanup, improvement	7 years ago
dma	d2ff760197	Patch up IPC	7 years ago
dma	f3f5414fd4	Support for TLSGuard in prompter	7 years ago
dma	ae8f6d96ba	Fix rule evaluation of outgoing connections emerging from sandbox proxy ports	7 years ago
dma	a89f8118bf	Fix rule parsing, still working on this	7 years ago
dma	6cdb400d32	Fix bugs related to parsing rules file and saving rules file	7 years ago
User	14e1f99b03	Loosen match on UDP socket lookup (still WIP)	7 years ago
shw	2e7b7debeb	Incorporated TLSGuard and turned it on by default for all outbound SOCKS5 connections. Fixed display of nil IPs (when only hostname is passed via SOCKS5 connect).	7 years ago
shw	27d0a4809d	Updated SOCKS5 connection lookup code now correctly identifies originating process. Includes code to read internal proxy state information from (updated) oz-daemon.	7 years ago
shw	acf62b63d1	Changed SOCKS/Tor credential randomization so it only occurs if username and password are empty.	7 years ago
shw	de4f6ac206	SOCKS/Tor credential randomization to force new circuits with each outbound connection.	7 years ago
shw	515c4eb3ee	Squashed (some) noisy debug output.	7 years ago
shw	0f2b2413ea	Added per-process (ephemeral) rule support. (proc coroner now has support for multiple callbacks)	7 years ago
shw	af874c7395	Added support for AAAA records to DNS cache for IPv6 addressing.	7 years ago
shw	8546f6c416	Working (but not intensively tested) IPv6 support!	7 years ago
shw	5f5042fed4	Very noisy, experimental support for asynchronous multi-rule firewall prompting. Fixed prompted rule removal bug in fw-prompt.	7 years ago
shw	c3635093fa	Introduced per-process DNS cache segregation for all A records not returned by local resolver. Cached DNS name lookups now failover to global cache only populated by local resolver. Added proc-coroner module for detecting process deaths. procsnitch updated to handle multiple levels of "strictness" (necessary to lookup processes generating certain UDP data).	7 years ago
shw	51c181a881	Full support for multiple protocol types (UDP, ICMP). Cleared up awkward fw-settings/fwprompt GUI language caused by introduction of UDP/ICMP ("connection"-less) rules. fw-daemon automatically passes through all ICMP traffic sent to same address. Added (temporary) rule for passing through all UDP-based DNS server traffic. Updated developers' README documentation.	7 years ago
shw	ea31a28d3a	Added requisite Dbus code so that fw-settings automatically refreshes its rulelist on fw-daemon update. (there is an intermittent bug in here somewhere... seems to be a GTK-related fatal race condition)	7 years ago
shw	f47e23e706	Support for firewall rule matching by uid/gid and/or user/group name value. fw-daemon prompt GUI and fw-settings now include user/uid and group/gid info. sgfw prompt GUI now displays username instead of real name. Fixed bug in parsing IP addresses as CIDR values. sgfw_rules entries can now be commented out. Upgraded bundled go-procsnitch API.	7 years ago
shw	fa70c06af2	CIDR subnet/mask matching support for firewall rules.	7 years ago
shw	1cd25ed699	Added simple regex-based hostname matching for firewall rules.	7 years ago
shw	0708f9127c	Proper logging of all connections denied by firewall. fw-daemon now also forces logging to syslog if launched from a terminal.	7 years ago
shw	e895f204a7	Fixed bug so that system-wide firewall settings match all traffic except sandboxed traffic.	7 years ago
shw	b567e5ce54	oz-init pid mappings are now properly destroyed as these processes exit.	7 years ago
shw	a930fbbce0	Sandboxed process entries in GUI now include sandbox name/ID in display. Removed fatal error when a connection to oz-control socket cannot be established.	7 years ago
shw	ba35abfb46	Name of sandboxed exe returned by procsnitch is now resolved to absolute pathname.	7 years ago
shw	b4ed11261f	Added extra display info for "Sandboxed application" in fw-prompt gnome shell GUI. fw-prompt GUI gracefully displays unknown PIDs and UIDs. Fixed stupid syntax error bug in oz-init PID management code.	7 years ago
shw	7a1851419c	Added support for using fw-daemon on all processes system-wide. Added changes for fw-daemon to check sandboxed processes' oz-init /proc/[pid]/net/tcp with procsnitch. fw-daemon IPC accepts "register-init" command to register new oz-init process instance alerts. fw-daemon also checks for existing oz-init processes on startup. Updated vendor-bundled go-procsnitch to latest dev version that includes findTCPSocketAll().	7 years ago
shw	30482bf15b	Support for wildcard ports in dynamic OZ/fw rules. Modified behavior for source interface-based rules to allow for fallthrough policies.	7 years ago
shw	e1a994169f	Added removeall IPC command for stripping all rules matching a source interface.	7 years ago
shw	670abc5232	Removed code for custom matching of firewall rules.	7 years ago
shw	9069c91606	Garbage dump commit of current progress.	7 years ago
shw	08266cca76	Support for handling network traffic that can't be uncovered with procsnitch.	7 years ago

1 2

62 Commits (a3fa1b1285609820a944c04497c21db5f5dff679)