diff options
-rw-r--r-- | README | 75 | ||||
-rwxr-xr-x | autogen.sh | 159 | ||||
-rw-r--r-- | pixmaps/dns.png | bin | 0 -> 1804 bytes | |||
-rw-r--r-- | pixmaps/ftp.png | bin | 0 -> 4884 bytes |
4 files changed, 234 insertions, 0 deletions
@@ -0,0 +1,75 @@ +FieryFilter - A Desktop Firewall for Linux +========================================== + +Version 0.1 - January 13. 2003 +Version 0.2 - February 3. 2003 +Version 0.3 - February 6. 2003 +Version 0.4 - February 17. 2003 + +WARNING: This is a pre-alpha version, it will probably format your +harddisk. Consider it a "preview version". + +Description: + + FieryFilter is an interactive desktop firewall for Linux. FF will + ask you everytime a new network connection is made if you want to + allow or deny it. + + Fieryfilter is far from being usable. Currently the rule + generation is incomplete. Please join development if you want to + have it working faster. + +Requirements: + + Linux 2.4 with Netfilter and ip_queue + Gtk 2.2.1 + libipq (aka netfilter-dev) + Good knowledge of Netfilter, iptables and especially Linux + +Compilation: + + configure && make + +Installation: + + make install (as root) + cp fieryfilter.init /etc/init.d/fieryfilter + + You will need to create a new group fieryfilter and place + all users which want to use FF in it. + +Usage: + + FF is split into two distinct programs: fieryfilterd and + fieryfilter. The former is the FieryFilter daemon, the latter the + FieryFilter frontend application: + + fieryfilterd should be run as root and will plug itself into the + Netfilter ip_queue subsystem. Every packet which is pushed into + the QUEUE Netfilter target is recieved by ffd. + + fieryfilter is a GTK client to be run in a user environment. It + connects through a UNIX socket to ffd and is notified on every + incoming packet. It will popup a dialog box showing some + information about the packet and ask the user if he wants to + accept, drop or reject it. The user's decision is sent to ffd, + that process will finally execute the user's command. + + Access to fieryfilterd is only granted to users in the group + "fieryfilter". + + If no instance of fieryfilter is connected to ffd, the daemon will + accept every single connection automatically. + + You have to run the fieryfilter daemon by using the supplied init + script first (as run). You may not run it "by hand", since your + local firewall is set up correctly for this. After that you may + run the client program fieryfilter as normal user. + +FieryFilter has some memory leaks currently. This will be fixed as +soon as I find time to do it. + +Nope, FF won't be able to show the process name of the process +originating a packet. This is not possible with the API libipq provides. + +Lennart Poettering, 2003, mz6666@itaparica.org diff --git a/autogen.sh b/autogen.sh new file mode 100755 index 0000000..84baadd --- /dev/null +++ b/autogen.sh @@ -0,0 +1,159 @@ +#!/bin/sh +# Run this to generate all the initial makefiles, etc. + +srcdir=`dirname $0` +test -z "$srcdir" && srcdir=. + +DIE=0 + +if [ -n "$GNOME2_DIR" ]; then + ACLOCAL_FLAGS="-I $GNOME2_DIR/share/aclocal $ACLOCAL_FLAGS" + LD_LIBRARY_PATH="$GNOME2_DIR/lib:$LD_LIBRARY_PATH" + PATH="$GNOME2_DIR/bin:$PATH" + export PATH + export LD_LIBRARY_PATH +fi + +(test -f $srcdir/configure.ac) || { + echo -n "**Error**: Directory "\`$srcdir\'" does not look like the" + echo " top-level package directory" + exit 1 +} + +(autoconf --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: You must have \`autoconf' installed." + echo "Download the appropriate package for your distribution," + echo "or get the source tarball at ftp://ftp.gnu.org/pub/gnu/" + DIE=1 +} + +(grep "^AC_PROG_INTLTOOL" $srcdir/configure.ac >/dev/null) && { + (intltoolize --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: You must have \`intltool' installed." + echo "You can get it from:" + echo " ftp://ftp.gnome.org/pub/GNOME/" + DIE=1 + } +} + +(grep "^AM_PROG_XML_I18N_TOOLS" $srcdir/configure.ac >/dev/null) && { + (xml-i18n-toolize --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: You must have \`xml-i18n-toolize' installed." + echo "You can get it from:" + echo " ftp://ftp.gnome.org/pub/GNOME/" + DIE=1 + } +} + +(grep "^AM_PROG_LIBTOOL" $srcdir/configure.ac >/dev/null) && { + (libtool --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: You must have \`libtool' installed." + echo "You can get it from: ftp://ftp.gnu.org/pub/gnu/" + DIE=1 + } +} + +(grep "^AM_GLIB_GNU_GETTEXT" $srcdir/configure.ac >/dev/null) && { + (grep "sed.*POTFILES" $srcdir/configure.ac) > /dev/null || \ + (glib-gettextize --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: You must have \`glib' installed." + echo "You can get it from: ftp://ftp.gtk.org/pub/gtk" + DIE=1 + } +} + +(automake --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: You must have \`automake' installed." + echo "You can get it from: ftp://ftp.gnu.org/pub/gnu/" + DIE=1 + NO_AUTOMAKE=yes +} + + +# if no automake, don't bother testing for aclocal +test -n "$NO_AUTOMAKE" || (aclocal --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: Missing \`aclocal'. The version of \`automake'" + echo "installed doesn't appear recent enough." + echo "You can get automake from ftp://ftp.gnu.org/pub/gnu/" + DIE=1 +} + +if test "$DIE" -eq 1; then + exit 1 +fi + +if test -z "$*"; then + echo "**Warning**: I am going to run \`configure' with no arguments." + echo "If you wish to pass any to it, please specify them on the" + echo \`$0\'" command line." + echo +fi + +case $CC in +xlc ) + am_opt=--include-deps;; +esac + +for coin in `find $srcdir -path $srcdir/CVS -prune -o -name configure.ac -print` +do + dr=`dirname $coin` + if test -f $dr/NO-AUTO-GEN; then + echo skipping $dr -- flagged as no auto-gen + else + echo processing $dr + ( cd $dr + + aclocalinclude="$ACLOCAL_FLAGS" + + if grep "^AM_GLIB_GNU_GETTEXT" configure.ac >/dev/null; then + echo "Creating $dr/aclocal.m4 ..." + test -r $dr/aclocal.m4 || touch $dr/aclocal.m4 + echo "Running glib-gettextize... Ignore non-fatal messages." + echo "no" | glib-gettextize --force --copy + echo "Making $dr/aclocal.m4 writable ..." + test -r $dr/aclocal.m4 && chmod u+w $dr/aclocal.m4 + fi + if grep "^AC_PROG_INTLTOOL" configure.ac >/dev/null; then + echo "Running intltoolize..." + intltoolize --copy --force --automake + fi + if grep "^AM_PROG_XML_I18N_TOOLS" configure.ac >/dev/null; then + echo "Running xml-i18n-toolize..." + xml-i18n-toolize --copy --force --automake + fi + if grep "^AM_PROG_LIBTOOL" configure.ac >/dev/null; then + if test -z "$NO_LIBTOOLIZE" ; then + echo "Running libtoolize..." + libtoolize --force --copy + fi + fi + echo "Running aclocal $aclocalinclude ..." + aclocal $aclocalinclude + if grep "^AM_CONFIG_HEADER" configure.ac >/dev/null; then + echo "Running autoheader..." + autoheader + fi + echo "Running automake --gnu $am_opt ..." + automake --add-missing --gnu $am_opt + echo "Running autoconf ..." + autoconf + ) + fi +done + +conf_flags="--enable-maintainer-mode" + +if test x$NOCONFIGURE = x; then + echo Running $srcdir/configure $conf_flags "$@" ... + $srcdir/configure $conf_flags "$@" \ + && echo Now type \`make\' to compile. || exit 1 +else + echo Skipping configure process. +fi diff --git a/pixmaps/dns.png b/pixmaps/dns.png Binary files differnew file mode 100644 index 0000000..24216f9 --- /dev/null +++ b/pixmaps/dns.png diff --git a/pixmaps/ftp.png b/pixmaps/ftp.png Binary files differnew file mode 100644 index 0000000..ffb937e --- /dev/null +++ b/pixmaps/ftp.png |