Stephen Watt
a8f61a2d4e
Re-sync to master.
7 years ago
dma
dafec55bc7
Fixed bug with prompt rule / saved rule mismatch on SOCKS connects
7 years ago
dma
7b5a0ed980
Bug fixes, cleanup, improvement
7 years ago
dma
f3f5414fd4
Support for TLSGuard in prompter
7 years ago
dma
ae8f6d96ba
Fix rule evaluation of outgoing connections emerging from sandbox proxy ports
7 years ago
dma
a89f8118bf
Fix rule parsing, still working on this
7 years ago
dma
6cdb400d32
Fix bugs related to parsing rules file and saving rules file
7 years ago
shw
0f2b2413ea
Added per-process (ephemeral) rule support.
...
(proc coroner now has support for multiple callbacks)
8 years ago
shw
8546f6c416
Working (but not intensively tested) IPv6 support!
8 years ago
shw
51c181a881
Full support for multiple protocol types (UDP, ICMP).
...
Cleared up awkward fw-settings/fwprompt GUI language caused by introduction of UDP/ICMP ("connection"-less) rules.
fw-daemon automatically passes through all ICMP traffic sent to same address.
Added (temporary) rule for passing through all UDP-based DNS server traffic.
Updated developers' README documentation.
8 years ago
shw
f47e23e706
Support for firewall rule matching by uid/gid and/or user/group name value.
...
fw-daemon prompt GUI and fw-settings now include user/uid and group/gid info.
sgfw prompt GUI now displays username instead of real name.
Fixed bug in parsing IP addresses as CIDR values.
sgfw_rules entries can now be commented out.
Upgraded bundled go-procsnitch API.
8 years ago
shw
fa70c06af2
CIDR subnet/mask matching support for firewall rules.
8 years ago
shw
1cd25ed699
Added simple regex-based hostname matching for firewall rules.
8 years ago
shw
0708f9127c
Proper logging of all connections denied by firewall.
...
fw-daemon now also forces logging to syslog if launched from a terminal.
8 years ago
shw
e895f204a7
Fixed bug so that system-wide firewall settings match all traffic except sandboxed traffic.
8 years ago
shw
30482bf15b
Support for wildcard ports in dynamic OZ/fw rules.
...
Modified behavior for source interface-based rules to allow for fallthrough policies.
8 years ago
shw
9069c91606
Garbage dump commit of current progress.
8 years ago
shw
8fe02202de
Very dirty/experimental replacement of nfqueue with native github.com/subgraph/go-nfnetlink package.
8 years ago
shw
1e84a6e168
Reincorporated socks5 code.
...
Fixed small but critical bug in rules matching/IP comparison.
8 years ago
xSmurf
5d4b38c5b4
Refactor...
8 years ago
xSmurf
4b632fb6f2
Moved fw-daemon to command/lib
8 years ago
xSmurf
9c8f5895ca
Moved all to sgfw
8 years ago