matth
/
fw-daemon
mirror of https://github.com/subgraph/fw-daemon
1
1
Fork 0
Code Releases Activity

Commit Graph

  • a2cdb0a7d6 Add build dependency of golang-github-gotk3-gotk3-dev dma 2017-09-10 20:40:32 +0000
  • ab7d9464e0 typo v0.0.8 dma 2017-09-10 19:55:54 +0000
  • a8321095be fixing broken deps.. dma 2017-09-10 19:49:42 +0000
  • 52fe2b5d2d trying to fix broken deps in vendor/ dma 2017-09-10 19:48:20 +0000
  • ba94a9abe9 bump version dma 2017-09-10 19:35:46 +0000
  • d6bb96e134 Changelog for missing deps dma 2017-09-10 19:22:32 +0000
  • 70c21b0636 vendoring v0.0.7 dma 2017-09-10 19:21:19 +0000
  • 4babfbbd14 Merge remote-tracking branch 'origin/shw_dev' dma 2017-09-10 19:09:59 +0000
  • 5bf85c2fcf Install socks config dma 2017-09-10 18:12:36 +0000
  • 057d091a22 Bump version. dma 2017-09-10 17:34:46 +0000
  • e1f48ced94 move dma 2017-09-10 17:29:47 +0000
  • 6d6c3c26ff move sgfw socks config location dma 2017-09-10 17:25:57 +0000
  • ee82803633 move socks config dma 2017-09-10 17:24:56 +0000
  • 17e1acc69d socks config dma 2017-09-10 17:23:20 +0000
  • dafec55bc7 Fixed bug with prompt rule / saved rule mismatch on SOCKS connects dma 2017-09-10 17:15:12 +0000
  • 58b7a4f6a9 Update systemd unit file to install /var/run/fw-daemon/ on start dma 2017-09-10 16:00:04 +0000
  • 5a755a04e8 Change path of oz socket dma 2017-09-10 15:58:01 +0000
  • 7b5a0ed980 Bug fixes, cleanup, improvement dma 2017-09-10 15:36:12 +0000
  • d2ff760197 Patch up IPC dma 2017-09-10 15:34:00 +0000
  • a65c268dbf Change default for non-sandboxed connections. dma 2017-09-10 00:38:10 +0000
  • f3f5414fd4 Support for TLSGuard in prompter dma 2017-09-10 00:34:48 +0000
  • 9ff74569f3 Add Sandbox to procsnitch Info struct dma 2017-09-09 17:39:57 +0000
  • ae8f6d96ba Fix rule evaluation of outgoing connections emerging from sandbox proxy ports dma 2017-09-09 04:47:02 +0000
  • d0e5a97a53 Fixing process identification for UDP packets (still WIP) dma 2017-09-09 04:15:17 +0000
  • a89f8118bf Fix rule parsing, still working on this dma 2017-09-09 04:14:16 +0000
  • e8f5001483 Updated procsnitch dma 2017-09-05 01:42:24 +0000
  • 6cdb400d32 Fix bugs related to parsing rules file and saving rules file dma 2017-09-04 21:00:02 +0000
  • 14e1f99b03 Loosen match on UDP socket lookup (still WIP) User 2017-08-12 18:22:53 +0000
  • 00a405b269 Merge 1bd551bce4 into ee41b3b83e #41 Donncha O' Cearbhaill 2017-06-28 21:51:39 +0000
  • 1bd551bce4 Fix panic when a .desktop file has an empty Exec= line #41 Donncha O'Cearbhaill 2017-06-28 23:37:57 +0200
  • 2e7b7debeb Incorporated TLSGuard and turned it on by default for all outbound SOCKS5 connections. Fixed display of nil IPs (when only hostname is passed via SOCKS5 connect). shw 2017-05-23 04:45:27 +0000
  • f945481c2e Should solve a (newly introduced) intermittent crash issue with fw-settings. shw 2017-05-22 21:21:40 +0000
  • 27d0a4809d Updated SOCKS5 connection lookup code now correctly identifies originating process. Includes code to read internal proxy state information from (updated) oz-daemon. shw 2017-05-22 19:41:26 +0000
  • acf62b63d1 Changed SOCKS/Tor credential randomization so it only occurs if username and password are empty. shw 2017-05-22 16:48:50 +0000
  • de4f6ac206 SOCKS/Tor credential randomization to force new circuits with each outbound connection. shw 2017-05-22 15:01:11 +0000
  • 604c157a7b Fixed Firewall prompt popup dialog width problem. shw 2017-05-22 04:25:33 +0000
  • 515c4eb3ee Squashed (some) noisy debug output. shw 2017-05-22 00:36:57 +0000
  • 0f2b2413ea Added per-process (ephemeral) rule support. (proc coroner now has support for multiple callbacks) shw 2017-05-22 00:25:03 +0000
  • af874c7395 Added support for AAAA records to DNS cache for IPv6 addressing. shw 2017-05-20 17:10:01 +0000
  • 8546f6c416 Working (but not intensively tested) IPv6 support! shw 2017-05-20 12:45:03 -0400
  • 5f5042fed4 Very noisy, experimental support for asynchronous multi-rule firewall prompting. Fixed prompted rule removal bug in fw-prompt. shw 2017-05-20 04:09:49 +0000
  • 3319802a80 Lots of assorted cleanup. Much better code for detecting if a rule being edited is valid. fw-prompt window now forces itself to be on top if a rule is pending approval. Matching by user/uid and group/gid options now visible but not functional. shw 2017-05-19 16:59:33 +0000
  • aba795fa97 Lots of work to establish basic support for approving/denying rules. Updated gotk3 vendor dependency (fixed some bug conditions). shw 2017-05-19 05:38:16 +0000
  • e3833190bf Created pre-functional replacement GUI for fw-daemon prompter that is independent of gnome-shell. shw 2017-05-18 23:12:18 +0000
  • c3635093fa Introduced per-process DNS cache segregation for all A records not returned by local resolver. Cached DNS name lookups now failover to global cache only populated by local resolver. Added proc-coroner module for detecting process deaths. procsnitch updated to handle multiple levels of "strictness" (necessary to lookup processes generating certain UDP data). shw 2017-05-18 18:25:34 +0000
  • 51c181a881 Full support for multiple protocol types (UDP, ICMP). Cleared up awkward fw-settings/fwprompt GUI language caused by introduction of UDP/ICMP ("connection"-less) rules. fw-daemon automatically passes through all ICMP traffic sent to same address. Added (temporary) rule for passing through all UDP-based DNS server traffic. Updated developers' README documentation. shw 2017-05-15 23:00:20 +0000
  • ea31a28d3a Added requisite Dbus code so that fw-settings automatically refreshes its rulelist on fw-daemon update. (there is an intermittent bug in here somewhere... seems to be a GTK-related fatal race condition) shw 2017-05-12 21:01:50 +0000
  • f47e23e706 Support for firewall rule matching by uid/gid and/or user/group name value. fw-daemon prompt GUI and fw-settings now include user/uid and group/gid info. sgfw prompt GUI now displays username instead of real name. Fixed bug in parsing IP addresses as CIDR values. sgfw_rules entries can now be commented out. Upgraded bundled go-procsnitch API. shw 2017-05-12 14:10:08 +0000
  • fa70c06af2 CIDR subnet/mask matching support for firewall rules. shw 2017-05-11 15:35:58 +0000
  • 1cd25ed699 Added simple regex-based hostname matching for firewall rules. shw 2017-05-10 23:00:33 +0000
  • 0708f9127c Proper logging of all connections denied by firewall. fw-daemon now also forces logging to syslog if launched from a terminal. shw 2017-05-10 22:14:14 +0000
  • e895f204a7 Fixed bug so that system-wide firewall settings match all traffic except sandboxed traffic. shw 2017-05-10 18:25:34 +0000
  • b567e5ce54 oz-init pid mappings are now properly destroyed as these processes exit. shw 2017-05-10 14:51:16 +0000
  • a930fbbce0 Sandboxed process entries in GUI now include sandbox name/ID in display. Removed fatal error when a connection to oz-control socket cannot be established. shw 2017-05-10 03:35:09 +0000
  • ba35abfb46 Name of sandboxed exe returned by procsnitch is now resolved to absolute pathname. shw 2017-05-10 00:26:34 +0000
  • b4ed11261f Added extra display info for "Sandboxed application" in fw-prompt gnome shell GUI. fw-prompt GUI gracefully displays unknown PIDs and UIDs. Fixed stupid syntax error bug in oz-init PID management code. shw 2017-05-09 20:04:54 +0000
  • 7a1851419c Added support for using fw-daemon on all processes system-wide. Added changes for fw-daemon to check sandboxed processes' oz-init /proc/[pid]/net/tcp with procsnitch. fw-daemon IPC accepts "register-init" command to register new oz-init process instance alerts. fw-daemon also checks for existing oz-init processes on startup. Updated vendor-bundled go-procsnitch to latest dev version that includes findTCPSocketAll(). shw 2017-05-09 15:53:48 +0000
  • 3f30923774 add option Alexsandr Kibal 2017-05-02 23:21:52 +0000
  • 2f26ac8ce5 Add .travis.yml Alexsandr Kibal 2017-05-02 23:16:22 +0000
  • b19083d560 git-pbuilder Alexsandr Kibal 2017-04-27 16:45:09 +0000
  • 30482bf15b Support for wildcard ports in dynamic OZ/fw rules. Modified behavior for source interface-based rules to allow for fallthrough policies. shw 2017-04-18 22:41:46 +0000
  • e1a994169f Added removeall IPC command for stripping all rules matching a source interface. shw 2017-04-18 21:58:10 +0000
  • 670abc5232 Removed code for custom matching of firewall rules. shw 2017-04-18 18:34:08 +0000
  • 9069c91606 Garbage dump commit of current progress. shw 2017-04-18 17:43:36 +0000
  • ee41b3b83e Fixed categories in .desktop file... v0.0.6 xSmurf 2017-04-17 15:52:50 +0000
  • fb477e15f1 Added info about iptable rules... xSmurf 2017-04-17 15:46:31 +0000
  • f9abadb612 Bumped version... xSmurf 2017-04-17 15:35:47 +0000
  • 7e29b2cb03 Bumped version... xSmurf 2017-04-17 15:33:56 +0000
  • 0b124fa007 Added build depends to build instructions... xSmurf 2017-04-17 15:14:04 +0000
  • 08266cca76 Support for handling network traffic that can't be uncovered with procsnitch. shw 2017-04-13 22:59:13 +0000
  • e3cc00a51f Readme for testing fw-daemon with bridged traffic. shw 2017-04-13 22:31:24 +0000
  • cadb859dce Added ephemeral oz sandbox/fw-daemon rules that can be updated via IPC connection. fw-daemon prompter is now updated with source address of originating packet. Fixed bug in decoding DNS data. Packets are dropped properly (by marking and then calling Accept()). shw 2017-04-13 22:13:56 +0000
  • 942b0a0c01 Bug fix. shw 2017-04-11 22:25:01 +0000
  • 8fe02202de Very dirty/experimental replacement of nfqueue with native github.com/subgraph/go-nfnetlink package. shw 2017-04-11 18:19:34 +0000
  • 4955c6a66b Added (unused) origin field in firewall gnome-shell UI. Added some instructions. shw 2017-04-11 03:52:34 +0000
  • 1e84a6e168 Reincorporated socks5 code. Fixed small but critical bug in rules matching/IP comparison. shw 2017-04-10 17:57:19 +0000
  • a489fee81e Added installing of settings .desktop file xSmurf 2017-03-19 23:03:08 +0000
  • 3bb8d65ed1 Added fw-settings desktop file xSmurf 2017-03-19 23:02:41 +0000
  • 93f561849b Fixed typos in readme... xSmurf 2017-03-13 16:13:52 +0000
  • 383ce5df9b Added handbook description to the readme, and link to documnetation xSmurf 2017-03-13 15:02:07 +0000
  • 287e1a1878 Bumped version xSmurf 2016-12-29 17:39:50 +0000
  • 90bbc67517 Linting... v0.0.5 xSmurf 2016-11-29 18:48:28 +0000
  • 02155c44ed Golint... xSmurf 2016-11-29 03:01:54 +0000
  • c5b8dcb660 Golint.. xSmurf 2016-11-29 02:42:53 +0000
  • 55ee3ad83d Golint.. xSmurf 2016-11-29 02:40:39 +0000
  • 2e6f98e410 FMT... xSmurf 2016-11-29 02:19:32 +0000
  • f750840b23 ... xSmurf 2016-11-29 00:12:13 +0000
  • 3fac647e1c Added build info to README... xSmurf 2016-11-28 23:52:14 +0000
  • 3d317e9964 moved main... xSmurf 2016-11-28 23:40:29 +0000
  • 5d4b38c5b4 Refactor... xSmurf 2016-11-28 23:39:07 +0000
  • 4b632fb6f2 Moved fw-daemon to command/lib xSmurf 2016-11-25 16:31:17 +0000
  • 1c54b571ba ... xSmurf 2016-11-25 16:30:16 +0000
  • 9c8f5895ca Moved all to sgfw xSmurf 2016-11-25 16:29:19 +0000
  • cbdc287db0 Removed socks code xSmurf 2016-11-25 16:25:06 +0000
  • 7506c980ef Cleanup deny log some... socks-filter xSmurf 2016-11-25 08:00:26 +0000
  • 0cd66aa0d9 Added reload to systemd unit xSmurf 2016-11-25 07:14:45 +0000
  • 657551c8e9 Add license, closes #17 xSmurf 2016-11-25 06:07:36 +0000
  • d4e09d2f51 Fail softly and create necessary directory for config xSmurf 2016-11-25 02:48:04 +0000
  • c10ba7df23 Moved glade ui files to .ui file extensions xSmurf 2016-11-25 01:54:32 +0000
  • 95c5e486ba ADDED: System rules ADDED: Persistant configs ADDED: Prompt configurations (default action, advanced options, auto expand) FIXED: Default focus on prompt FIXED: Bug in display of *:<port> rule FIXED: Updated ui to gnome >= 3.20 xSmurf 2016-11-25 01:49:53 +0000