Leopard Flower For Linux

Leopard Flower is a personal firewall for Linux OSes (based on libnetfilter_queue) which allows to allow or deny Internet access on a per-application basis rather than on a port/protocol basis.

Leopard Flower (LPFW) gives the user control over which applications are allowed to use the network. It consist of a backend/daemon and a graphical frontend.

These instructions apply specifically to Ubuntu 10.10 but are very likely to work on other Linux distributions.

The following packaged must be installed for lpfw to work:

-  libnetfilter-queue -  libnetfilter-conntrack -  libnfnetlink

1. Make sure files lpfw and lpfwgui are in the same folder   2. In a terminal window launch "lpfw" as root   3. In a terminal window of an X session launch "lpfw --gui" as a regular user (not root). You will see the graphical frontend.   4. Is you prefer to use a command line frontend instead of the graphical one, issue "lpfw --cli" in a terminal window of an X session.

1. If you don't want lpfw to look for lpfwcli/lpfwgui in the same folder, you can pass to lpfw a command line option --cli-path=/--gui-path= followed by a path to lpfwcli/lpfwgui   2. If you want lpfw to start upon system boot-up, lpfw.conf is an upstart script which should be placed into /etc/init.(If your distro doen't use upstart, then the script should be adjusted to your distro's needs). This script expects to find lpfw in /usr/sbin   3. 30-lpfw.conf can be placed into /etc/rsyslog.d if you want logs to go to syslog   4. Assuming lpfw was launched either by upstart or manually as root, in a terminal window of an X session launch "lpfw --cli"/"lpfw --gui" as a regular user (not root). You will see an ncurses based/graphical frontend.(By default lpfwcli uses zenity popups. If you don't want to use zenity run ./lpfw --cli --no-zenity.

These can be also seen with "lpfw --help".

--rules-file=   File to which rules are commited (default: /etc/lpfw.rules)

--logging_facility=   Where to write logs. Possible values stdout(default), file, syslog

--log-file=   If --logging_facility=file, then this is the file to which to write logging information. Default /tmp/lpfw.log

--pid-file=   Pidfile which prevents two instances of lpfw being launched at the same time. Default /var/log/lpfw.pid

--cli-path=   Path to lpfwcli ncurses frontend. It will be launched in xterm window. Default: in the same folder as lpfw

--gui-path=   Path to a standalone graphical frontend. Default: in the same folder as lpfw

--guipy-path   Path to python-based graphical frontend lpfwgui.py. It will be launched in python. Default: in the same folder as lpfw

--log-info=   --log-traffic=   --log-debug=   Enables different levels of logging. Possible values 1 or 0 for yes/no. Default: all three 1.

To invoke a frontend, issue the following;   lpfw --cli    Ncurses   lpfw --gui    Standalone   lpfw --guipy  Python-based