FieryFilter - A Desktop Firewall for Linux
==========================================

Version 0.1 - January 13. 2003
Version 0.2 - February 3. 2003
Version 0.3 - February 6. 2003
Version 0.4 - February 17. 2003

WARNING: This is a pre-alpha version, it will probably format your
hard disk. Consider it a "preview version".

Description:

    FieryFilter is an interactive desktop firewall for Linux. FF will
    ask you every time a new network connection is made if you want to
    allow or deny it.

    FieryFilter is far from being usable. Currently the rule generation
    is incomplete. Please join development if you want to have it
    working faster.

Requirements:

    Linux 2.4 with Netfilter and ip_queue
    Gtk 2.2.1
    libipq (aka netfilter-dev)
    Good knowledge of Netfilter, iptables and especially Linux

Compilation:

    ./configure && make

Installation:

    make install (as root)
    cp fieryfilter.init /etc/init.d/fieryfilter

    You will need to create a new group fieryfilter and place all users
    which want to use FF in it.

Usage:

    FF is split into two distinct programs: fieryfilterd and
    fieryfilter. The former is the FieryFilter daemon, the latter the
    FieryFilter frontend application:

    fieryfilterd should be run as root and will plug itself into the
    Netfilter ip_queue subsystem. Every packet which is pushed into the
    QUEUE Netfilter target is received by ffd.

    fieryfilter is a GTK client to be run in a user environment. It
    connects through a UNIX socket to ffd and is notified on every
    incoming packet. It will pop up a dialog box showing some
    information about the packet and ask the user if he wants to accept,
    drop or reject it. The user's decision is sent to ffd, which will
    finally execute the user's command.

    Access to fieryfilterd is only granted to users in the group
    "fieryfilter".

    If no instance of fieryfilter is connected to ffd, the daemon will
    accept every single connection automatically.

    You have to run the fieryfilter daemon by using the supplied init
    script first (as root). You may not run it "by hand", since your
    local firewall has to be set up correctly for this. After that you
    may run the client program fieryfilter as normal user.

    FieryFilter has some memory leaks currently. This will be fixed as
    soon as I find time to do it.

    Nope, FF won't be able to show the process name of the process
    originating a packet. This is not possible with the API libipq
    provides.

Lennart Poettering, 2003, mz6666@itaparica.org
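The Usage section says only members of the group "fieryfilter" may talk to the daemon over its UNIX socket. The following is an added example, not FieryFilter's own code, of one way a daemon can enforce that rule on an accepted connection with SO_PEERCRED. It assumes Linux with glibc; the function name peer_in_group is hypothetical, and FieryFilter itself may rely on socket file permissions instead.

```c
#define _GNU_SOURCE             /* struct ucred, getgrouplist() */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: return 1 if the process at the other end of UNIX
 * socket fd is in group `allowed` (primary or supplementary), else 0.
 * Every lookup failure denies access. */
int peer_in_group(int fd, gid_t allowed)
{
    struct ucred cred;
    socklen_t len = sizeof(cred);
    /* The kernel fills in the peer's pid/uid/gid; the client cannot forge them. */
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0 || len != sizeof(cred))
        return 0;
    if (cred.gid == allowed)
        return 1;

    struct passwd *pw = getpwuid(cred.uid);
    if (pw == NULL)
        return 0;

    int n = 32;                 /* initial guess; getgrouplist() reports the real count */
    gid_t *groups = malloc(n * sizeof(*groups));
    if (groups == NULL)
        return 0;
    if (getgrouplist(pw->pw_name, cred.gid, groups, &n) < 0) {
        gid_t *bigger = realloc(groups, n * sizeof(*groups));
        if (!bigger || getgrouplist(pw->pw_name, cred.gid, bigger, &n) < 0) {
            free(bigger ? bigger : groups);
            return 0;
        }
        groups = bigger;
    }
    int ok = 0;
    for (int i = 0; i < n; i++)
        if (groups[i] == allowed)
            ok = 1;
    free(groups);
    return ok;
}

int main(void)
{
    int sv[2];                  /* constructed stand-in for an accepted client socket */
    struct group *gr = getgrnam("fieryfilter");
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return 1;
    printf("peer allowed: %d\n", gr ? peer_in_group(sv[0], gr->gr_gid) : 0);
    return 0;
}
```

A daemon would call the check once per accepted connection and close the socket when it returns 0.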