From d971b2fc9efcd91e672c9f04304f371a27ea14e7 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 11 Dec 2003 20:23:40 +0000 Subject: fieryfilter commited partially git-svn-id: file:///home/lennart/svn/public/fieryfilter/fieryfilter@14 79e6afc9-17da-0310-ae3c-b873bff394f4 --- README | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 README (limited to 'README') diff --git a/README b/README new file mode 100644 index 0000000..f3d4fc2 --- /dev/null +++ b/README 
@@ -0,0 +1,75 @@ +FieryFilter - A Desktop Firewall for Linux +========================================== + +Version 0.1 - January 13. 2003 +Version 0.2 - February 3. 2003 +Version 0.3 - February 6. 2003 +Version 0.4 - February 17. 2003 + +WARNING: This is a pre-alpha version, it will probably format your +harddisk. Consider it a "preview version". + +Description: + + FieryFilter is an interactive desktop firewall for Linux. FF will + ask you everytime a new network connection is made if you want to + allow or deny it. + + Fieryfilter is far from being usable. Currently the rule + generation is incomplete. Please join development if you want to + have it working faster. + +Requirements: + + Linux 2.4 with Netfilter and ip_queue + Gtk 2.2.1 + libipq (aka netfilter-dev) + Good knowledge of Netfilter, iptables and especially Linux + +Compilation: + + configure && make + +Installation: + + make install (as root) + cp fieryfilter.init /etc/init.d/fieryfilter + + You will need to create a new group fieryfilter and place + all users which want to use FF in it. + +Usage: + + FF is split into two distinct programs: fieryfilterd and + fieryfilter. The former is the FieryFilter daemon, the latter the + FieryFilter frontend application: + + fieryfilterd should be run as root and will plug itself into the + Netfilter ip_queue subsystem. Every packet which is pushed into + the QUEUE Netfilter target is recieved by ffd. + + fieryfilter is a GTK client to be run in a user environment. It + connects through a UNIX socket to ffd and is notified on every + incoming packet. It will popup a dialog box showing some + information about the packet and ask the user if he wants to + accept, drop or reject it. The user's decision is sent to ffd, + that process will finally execute the user's command. + + Access to fieryfilterd is only granted to users in the group + "fieryfilter". 
+ + If no instance of fieryfilter is connected to ffd, the daemon will + accept every single connection automatically. + + You have to run the fieryfilter daemon by using the supplied init + script first (as run). You may not run it "by hand", since your + local firewall is set up correctly for this. After that you may + run the client program fieryfilter as normal user. + +FieryFilter has some memory leaks currently. This will be fixed as +soon as I find time to do it. + +Nope, FF won't be able to show the process name of the process +originating a packet. This is not possible with the API libipq provides. + +Lennart Poettering, 2003, mz6666@itaparica.org -- cgit
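Review bot: In the Usage section, the paragraph "If no instance of fieryfilter is connected to ffd, the daemon will accept every single connection automatically" documents fail-open behaviour without flagging it as such. For a firewall README this deserves an explicit statement that nothing is filtered whenever no frontend is connected, plus a word on whether that default can be changed. Two phrases in the init-script paragraph also seem to say the opposite of what is meant: "(as run)" reads like a typo for "(as root)", and "since your local firewall is set up correctly for this" appears to be missing a "not", so the reason for requiring the init script is unclear; stating what the script sets up would fix that. The Installation section could add that membership in the "fieryfilter" group amounts to control over the accept, drop and reject decisions sent to the daemon, and "recieved" should be "received".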