fw-daemon

Commit Graph

Author	SHA1	Message	Date
xSmurf	b6ff6c4857	Merge back...	7 years ago
xSmurf	e5dd1cb538	Merge...	7 years ago
xSmurf	7472b4d828	Merged from shw_dev	7 years ago
Stephen Watt	0bda150abc	Various code cleanups (still buggy/WIP). Fixed lock/race condition in fw-prompt; consolidated redundant rule action code. Started fuller TLS implementation in TLSGuard; probably broke a lot of stuff in the process. Removal/reorganization of old/stale/unused code.	7 years ago
Stephen Watt	0d13c7bb9c	WORK IN PROGRESS: New file descriptor monitor thread removes prompt requests if associated socket closes/dies before user reacts. fw-prompt request entries are now properly tethered to their default rule scope included by SGFW. pendingConnection now operates on prompter instead of raw DBus object. Fixed prompter bug in cycling through pending connections. Fixed inadequacies in SGFW rules parsing/error handling. go fmt.	7 years ago
Stephen Watt	2f5e10d53d	Merge newest branch changes with latest changes to master.	7 years ago
Stephen Watt	2fc7525cc7	Added new RemovePrompt DBus call to complement RequestPrompt (GUID-based prompt removal). The addition of a rule matching multiple pending connections in fw-prompt now removes all of them. fw-prompter now increments ref# column for identical prompt requests. Fixed/cleaned up/updated TLSGuard code. Added TLSGuard toggle option to fw-prompt GUI (default for SOCKS connections). fw-prompt now displays icon of filtered application. DBus RequestPrompt() now "works" asynchronously. TLSGuard fixed under certain conditions but still very buggy. Fixed some fw-prompt crash conditions with treeview mutex locking. Fixed SOCKS connection panic condition linked to closed channel. Cleanup of unused data structures/values.	7 years ago
Stephen Watt	a8f61a2d4e	Re-sync to master.	7 years ago
dma	7c657b9f53	Fix sandbox rule evaluation from policy file bug after fw-daemon start	7 years ago
dma	38fabc3327	Apply rules contextually by policy defined sandbox	7 years ago
xSmurf	970a4c9cee	Fixed rule mode in getString and save methods...	7 years ago
xSmurf	c01894f35c	fmt..	7 years ago
dma	92276eed47	fmt	7 years ago
dma	5f454f2c6b	Remove debug output	7 years ago
xSmurf	119344dbfc	Settings: adding sandbox and allow tls to rule edit...	7 years ago
dma	ed8c254404	Add TLSGuard to SOCKS5 filter clients not coming from oz-daemon	7 years ago
xSmurf	6e6e265fae	Fmt..	7 years ago
dma	dafec55bc7	Fixed bug with prompt rule / saved rule mismatch on SOCKS connects	7 years ago
dma	7b5a0ed980	Bug fixes, cleanup, improvement	7 years ago
dma	f3f5414fd4	Support for TLSGuard in prompter	7 years ago
dma	ae8f6d96ba	Fix rule evaluation of outgoing connections emerging from sandbox proxy ports	7 years ago
dma	a89f8118bf	Fix rule parsing, still working on this	7 years ago
dma	6cdb400d32	Fix bugs related to parsing rules file and saving rules file	7 years ago
shw	0f2b2413ea	Added per-process (ephemeral) rule support. (proc coroner now has support for multiple callbacks)	8 years ago
shw	8546f6c416	Working (but not intensively tested) IPv6 support!	8 years ago
shw	51c181a881	Full support for multiple protocol types (UDP, ICMP). Cleared up awkward fw-settings/fwprompt GUI language caused by introduction of UDP/ICMP ("connection"-less) rules. fw-daemon automatically passes through all ICMP traffic sent to same address. Added (temporary) rule for passing through all UDP-based DNS server traffic. Updated developers' README documentation.	8 years ago
shw	f47e23e706	Support for firewall rule matching by uid/gid and/or user/group name value. fw-daemon prompt GUI and fw-settings now include user/uid and group/gid info. sgfw prompt GUI now displays username instead of real name. Fixed bug in parsing IP addresses as CIDR values. sgfw_rules entries can now be commented out. Upgraded bundled go-procsnitch API.	8 years ago
shw	fa70c06af2	CIDR subnet/mask matching support for firewall rules.	8 years ago
shw	1cd25ed699	Added simple regex-based hostname matching for firewall rules.	8 years ago
shw	0708f9127c	Proper logging of all connections denied by firewall. fw-daemon now also forces logging to syslog if launched from a terminal.	8 years ago
shw	e895f204a7	Fixed bug so that system-wide firewall settings match all traffic except sandboxed traffic.	8 years ago
shw	30482bf15b	Support for wildcard ports in dynamic OZ/fw rules. Modified behavior for source interface-based rules to allow for fallthrough policies.	8 years ago
shw	9069c91606	Garbage dump commit of current progress.	8 years ago
shw	8fe02202de	Very dirty/experimental replacement of nfqueue with native github.com/subgraph/go-nfnetlink package.	8 years ago
shw	1e84a6e168	Reincorporated socks5 code. Fixed small but critical bug in rules matching/IP comparison.	8 years ago
xSmurf	5d4b38c5b4	Refactor...	8 years ago
xSmurf	4b632fb6f2	Moved fw-daemon to command/lib	8 years ago
xSmurf	9c8f5895ca	Moved all to sgfw	8 years ago

38 Commits (b6ff6c485752182ada7fef0812d61f1ac1083195)