path: root/README
diff options
Diffstat (limited to 'README')
1 files changed, 75 insertions, 0 deletions
diff --git a/README b/README
new file mode 100644
index 0000000..f3d4fc2
--- /dev/null
+++ b/README
@@ -0,0 +1,75 @@
+FieryFilter - A Desktop Firewall for Linux
+Version 0.1 - January 13. 2003
+Version 0.2 - February 3. 2003
+Version 0.3 - February 6. 2003
+Version 0.4 - February 17. 2003
+WARNING: This is a pre-alpha version, it will probably format your
+harddisk. Consider it a "preview version".
+ FieryFilter is an interactive desktop firewall for Linux. FF will
+ ask you everytime a new network connection is made if you want to
+ allow or deny it.
+ Fieryfilter is far from being usable. Currently the rule
+ generation is incomplete. Please join development if you want to
+ have it working faster.
+ Linux 2.4 with Netfilter and ip_queue
+ Gtk 2.2.1
+ libipq (aka netfilter-dev)
+ Good knowledge of Netfilter, iptables and especially Linux
+ configure && make
+ make install (as root)
+ cp fieryfilter.init /etc/init.d/fieryfilter
+ You will need to create a new group fieryfilter and place
+ all users which want to use FF in it.
+ FF is split into two distinct programs: fieryfilterd and
+ fieryfilter. The former is the FieryFilter daemon, the latter the
+ FieryFilter frontend application:
+ fieryfilterd should be run as root and will plug itself into the
+ Netfilter ip_queue subsystem. Every packet which is pushed into
+ the QUEUE Netfilter target is recieved by ffd.
+ fieryfilter is a GTK client to be run in a user environment. It
+ connects through a UNIX socket to ffd and is notified on every
+ incoming packet. It will popup a dialog box showing some
+ information about the packet and ask the user if he wants to
+ accept, drop or reject it. The user's decision is sent to ffd,
+ that process will finally execute the user's command.
+ Access to fieryfilterd is only granted to users in the group
+ "fieryfilter".
+ If no instance of fieryfilter is connected to ffd, the daemon will
+ accept every single connection automatically.
+ You have to run the fieryfilter daemon by using the supplied init
+ script first (as run). You may not run it "by hand", since your
+ local firewall is set up correctly for this. After that you may
+ run the client program fieryfilter as normal user.
+FieryFilter has some memory leaks currently. This will be fixed as
+soon as I find time to do it.
+Nope, FF won't be able to show the process name of the process
+originating a packet. This is not possible with the API libipq provides.
+Lennart Poettering, 2003,