FieryFilter - A Desktop Firewall for Linux
==========================================

Version 0.1 - January 13. 2003
Version 0.2 - February 3. 2003
Version 0.3 - February 6. 2003
Version 0.4 - February 17. 2003

WARNING: This is a pre-alpha version, it will probably format your
hard disk. Consider it a "preview version".

Description: 

    FieryFilter is an interactive desktop firewall for Linux. FF will
    ask you every time a new network connection is made if you want to
    allow or deny it.

    FieryFilter is far from being usable. Currently the rule
    generation is incomplete. Please join development if you want to
    have it working faster.

Requirements:

    Linux 2.4 with Netfilter and ip_queue
    Gtk 2.2.1
    libipq (aka netfilter-dev)
    Good knowledge of Netfilter, iptables and especially Linux

Compilation:

    configure && make

Installation:

    make install   (as root)
    cp fieryfilter.init /etc/init.d/fieryfilter 

    You will need to create a new group fieryfilter and place
    all users who want to use FF in it.

Usage:

    FF is split into two distinct programs: fieryfilterd and
    fieryfilter. The former is the FieryFilter daemon, the latter the
    FieryFilter frontend application:

    fieryfilterd should be run as root and will plug itself into the
    Netfilter ip_queue subsystem. Every packet which is pushed into
    the QUEUE Netfilter target is received by ffd.

    fieryfilter is a GTK client to be run in a user environment. It
    connects through a UNIX socket to ffd and is notified on every
    incoming packet. It will pop up a dialog box showing some
    information about the packet and ask the user if he wants to
    accept, drop or reject it. The user's decision is sent to ffd,
    and that process will finally execute the user's command.

    Access to fieryfilterd is only granted to users in the group
    "fieryfilter".
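
    One way a daemon can enforce this kind of group restriction on a
    UNIX socket, as an added example (not FieryFilter's own code). The
    function name and socket path are hypothetical; it assumes Linux,
    where connect() needs write permission on the socket file.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <grp.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Added example, not FieryFilter source. Creates a listening UNIX socket at
 * `path` that only its owner and members of `gid` can connect to. */
int listen_group_socket(const char *path, gid_t gid)
{
    struct sockaddr_un sa;
    mode_t old;
    int fd, rc;

    if (strlen(path) >= sizeof(sa.sun_path))
        return -1;                      /* path would be truncated */
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, path);
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    unlink(path);                       /* remove a stale socket file */

    /* Restrictive umask: the socket is never world-accessible, not even
     * in the window between bind() and the chown()/chmod() below. */
    old = umask(0177);
    rc = bind(fd, (struct sockaddr *)&sa, sizeof(sa));
    umask(old);

    /* Owner+group rw (0660) admits exactly the owner and the group;
     * everyone else gets EACCES from connect(). */
    if (rc < 0 || chown(path, (uid_t)-1, gid) < 0 ||
        chmod(path, 0660) < 0 || listen(fd, 4) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

int main(void)
{
    struct group *gr = getgrnam("fieryfilter");   /* group from the README */
    if (!gr) { fprintf(stderr, "group fieryfilter missing\n"); return 1; }
    return listen_group_socket("/tmp/ffd-example.sock", gr->gr_gid) < 0;
}
```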

    If no instance of fieryfilter is connected to ffd, the daemon will
    accept every single connection automatically.

    You have to run the fieryfilter daemon by using the supplied init
    script first (as root). You may not run it "by hand", since your
    local firewall is set up correctly for this. After that you may
    run the client program fieryfilter as a normal user.

FieryFilter has some memory leaks currently. This will be fixed as
soon as I find time to do it.

Nope, FF won't be able to show the process name of the process
originating a packet. This is not possible with the API libipq provides.

Lennart Poettering, 2003, mz6666@itaparica.org