shw
aba795fa97
Lots of work to establish basic support for approving/denying rules.
Updated gotk3 vendor dependency (fixed some bug conditions).
8 years ago
shw
e3833190bf
Created pre-functional replacement GUI for fw-daemon prompter that is independent of gnome-shell.
8 years ago
shw
c3635093fa
Introduced per-process DNS cache segregation for all A records not returned by local resolver.
Cached DNS name lookups now failover to global cache only populated by local resolver.
Added proc-coroner module for detecting process deaths.
procsnitch updated to handle multiple levels of "strictness" (necessary to lookup processes generating certain UDP data).
8 years ago
shw
51c181a881
Full support for multiple protocol types (UDP, ICMP).
Cleared up awkward fw-settings/fwprompt GUI language caused by introduction of UDP/ICMP ("connection"-less) rules.
fw-daemon automatically passes through all ICMP traffic sent to same address.
Added (temporary) rule for passing through all UDP-based DNS server traffic.
Updated developers' README documentation.
8 years ago
shw
ea31a28d3a
Added requisite Dbus code so that fw-settings automatically refreshes its rulelist on fw-daemon update.
(there is an intermittent bug in here somewhere... seems to be a GTK-related fatal race condition)
8 years ago
shw
f47e23e706
Support for firewall rule matching by uid/gid and/or user/group name value.
fw-daemon prompt GUI and fw-settings now include user/uid and group/gid info.
sgfw prompt GUI now displays username instead of real name.
Fixed bug in parsing IP addresses as CIDR values.
sgfw_rules entries can now be commented out.
Upgraded bundled go-procsnitch API.
8 years ago
shw
fa70c06af2
CIDR subnet/mask matching support for firewall rules.
8 years ago
shw
1cd25ed699
Added simple regex-based hostname matching for firewall rules.
8 years ago
shw
0708f9127c
Proper logging of all connections denied by firewall.
fw-daemon now also forces logging to syslog if launched from a terminal.
8 years ago
shw
e895f204a7
Fixed bug so that system-wide firewall settings match all traffic except sandboxed traffic.
8 years ago
shw
b567e5ce54
oz-init pid mappings are now properly destroyed as these processes exit.
8 years ago
shw
a930fbbce0
Sandboxed process entries in GUI now include sandbox name/ID in display.
Removed fatal error when a connection to oz-control socket cannot be established.
8 years ago
shw
ba35abfb46
Name of sandboxed exe returned by procsnitch is now resolved to absolute pathname.
8 years ago
shw
b4ed11261f
Added extra display info for "Sandboxed application" in fw-prompt gnome shell GUI.
fw-prompt GUI gracefully displays unknown PIDs and UIDs.
Fixed stupid syntax error bug in oz-init PID management code.
8 years ago
shw
7a1851419c
Added support for using fw-daemon on all processes system-wide.
Added changes for fw-daemon to check sandboxed processes' oz-init /proc/[pid]/net/tcp with procsnitch.
fw-daemon IPC accepts "register-init" command to register new oz-init process instance alerts.
fw-daemon also checks for existing oz-init processes on startup.
Updated vendor-bundled go-procsnitch to latest dev version that includes findTCPSocketAll().
8 years ago
shw
30482bf15b
Support for wildcard ports in dynamic OZ/fw rules.
Modified behavior for source interface-based rules to allow for fallthrough policies.
8 years ago
shw
e1a994169f
Added removeall IPC command for stripping all rules matching a source interface.
8 years ago
shw
670abc5232
Removed code for custom matching of firewall rules.
8 years ago
shw
9069c91606
Garbage dump commit of current progress.
8 years ago
xSmurf
ee41b3b83e
Fixed categories in .desktop file...
8 years ago
xSmurf
fb477e15f1
Added info about iptable rules...
8 years ago
xSmurf
0b124fa007
Added build depends to build instructions...
8 years ago
shw
08266cca76
Support for handling network traffic that can't be uncovered with procsnitch.
8 years ago
shw
e3cc00a51f
Readme for testing fw-daemon with bridged traffic.
8 years ago
shw
cadb859dce
Added ephemeral oz sandbox/fw-daemon rules that can be updated via IPC connection.
fw-daemon prompter is now updated with source address of originating packet.
Fixed bug in decoding DNS data.
Packets are dropped properly (by marking and then calling Accept()).
8 years ago
shw
942b0a0c01
Bug fix.
8 years ago
shw
8fe02202de
Very dirty/experimental replacement of nfqueue with native github.com/subgraph/go-nfnetlink package.
8 years ago
shw
4955c6a66b
Added (unused) origin field in firewall gnome-shell UI.
Added some instructions.
8 years ago
shw
1e84a6e168
Reincorporated socks5 code.
Fixed small but critical bug in rules matching/IP comparison.
8 years ago
xSmurf
3bb8d65ed1
Added fw-settings desktop file
8 years ago
xSmurf
93f561849b
Fixed typos in readme...
8 years ago
xSmurf
383ce5df9b
Added handbook description to the readme, and link to documentation
8 years ago
xSmurf
90bbc67517
Linting...
8 years ago
xSmurf
02155c44ed
Golint...
8 years ago
xSmurf
c5b8dcb660
Golint..
8 years ago
xSmurf
55ee3ad83d
Golint..
8 years ago
xSmurf
2e6f98e410
FMT...
8 years ago
xSmurf
f750840b23
...
8 years ago
xSmurf
3fac647e1c
Added build info to README...
8 years ago
xSmurf
3d317e9964
moved main...
8 years ago
xSmurf
5d4b38c5b4
Refactor...
8 years ago
xSmurf
4b632fb6f2
Moved fw-daemon to command/lib
8 years ago
xSmurf
1c54b571ba
...
8 years ago
xSmurf
9c8f5895ca
Moved all to sgfw
8 years ago
xSmurf
cbdc287db0
Removed socks code
8 years ago
xSmurf
7506c980ef
Cleanup deny log some...
8 years ago
xSmurf
0cd66aa0d9
Added reload to systemd unit
8 years ago
xSmurf
657551c8e9
Add license, closes #17
8 years ago
xSmurf
d4e09d2f51
Fail softly and create necessary directory for config
8 years ago
xSmurf
c10ba7df23
Moved glade ui files to .ui file extensions
8 years ago