SourceFiles.org - Use the Source, Luke
Home | Register | News | Forums | Guide | MyLinks | Bookmark

Related Sites

Latest News
  General News
  Reviews
  Press Releases
  Software
  Hardware
  Security
  Tutorials
  Off Topic


Back to files

FieryFilter - A Desktop Firewall for Linux

Version 0.1 - January 13. 2003
Version 0.2 - February 3. 2003
Version 0.3 - February 6. 2003
Version 0.4 - February 17. 2003

WARNING: This is a pre-alpha version, it will probably format your harddisk. Consider it a "preview version".

Description:

FieryFilter is an interactive desktop firewall for Linux. FF will ask you everytime a new network connection is made if you want to allow or deny it.

Fieryfilter is far from being usable. Currently the rule generation is incomplete. Please join development if you want to have it working faster.

Requirements

Linux 2.4 with Netfilter and ip_queue Gtk 2.2.1
libipq
Good knowledge of Netfilter, iptables and especially Linux

Compilation

configure && make

Installation

make install (as root)
cp fieryfilter.init /etc/init.d/fieryfilter

You will need to create a new group fieryfilter and place all users which want to use FF in it.

Usage

FF is split into two distinct programs: fieryfilterd and fieryfilter. The former is the FieryFilter daemon, the latter the FieryFilter frontend application:

fieryfilterd should be run as root and will plug itself into the Netfilter ip_queue subsystem. Every packet which is pushed into the QUEUE Netfilter target is recieved by ffd.

fieryfilter is a GTK client to be run in a user environment. It connects through a UNIX socket to ffd and is notified on every incoming packet. It will popup a dialog box showing some information about the packet and ask the user if he wants to accept, drop or reject it. The user's decision is sent to ffd, that process will finally execute the user's command.

Access to fieryfilterd is only granted to users in the group "fieryfilter".

If no instance of fieryfilter is connected to ffd, the daemon will accept every single connection automatically.

You have to run the fieryfilter daemon by using the supplied init script first (as run). You may not run it "by hand", since your local firewall is set up correctly for this. After that you may run the client program fieryfilter as normal user.

FieryFilter has some memory leaks currently. This will be fixed as soon as I find time to do it.

Nope, FF won't be able to show the process name of the process originating a packet. This is not possible with the API libipq provides.

Lennart Poettering, 2003, mz6666@itaparica.org


Other Sites

Discussion Groups
  Beginners
  Distributions
  Networking / Security
  Software
  PDAs

About | FAQ | Privacy | Awards | Contact
Comments to the webmaster are welcome.
Copyright 2006 Sourcefiles.org All rights reserved.