Application firewall for Linux OS. #Linux firewall #Network firewall #Personal firewall #Network #Linux #Firewall
Leopard Flower is a personal firewall for Linux OSes (based on libnetfilter_queue) which allows to allow or deny Internet access on a per-application basis rather than on a port/protocol basis.
Leopard Flower (LPFW) gives the user control over which applications are allowed to use the network. It consist of a backend/daemon and a graphical frontend.
These instructions apply specifically to Ubuntu 10.10 but are very likely to work on other Linux distributions.
The following packaged must be installed for lpfw to work:
- libnetfilter-queue - libnetfilter-conntrack - libnfnetlink
1. Make sure files lpfw and lpfwgui are in the same folder 2. In a terminal window launch "lpfw" as root 3. In a terminal window of an X session launch "lpfw --gui" as a regular user (not root). You will see the graphical frontend. 4. Is you prefer to use a command line frontend instead of the graphical one, issue "lpfw --cli" in a terminal window of an X session.
1. If you don't want lpfw to look for lpfwcli/lpfwgui in the same folder, you can pass to lpfw a command line option --cli-path=/--gui-path= followed by a path to lpfwcli/lpfwgui 2. If you want lpfw to start upon system boot-up, lpfw.conf is an upstart script which should be placed into /etc/init.(If your distro doen't use upstart, then the script should be adjusted to your distro's needs). This script expects to find lpfw in /usr/sbin 3. 30-lpfw.conf can be placed into /etc/rsyslog.d if you want logs to go to syslog 4. Assuming lpfw was launched either by upstart or manually as root, in a terminal window of an X session launch "lpfw --cli"/"lpfw --gui" as a regular user (not root). You will see an ncurses based/graphical frontend.(By default lpfwcli uses zenity popups. If you don't want to use zenity run ./lpfw --cli --no-zenity.
These can be also seen with "lpfw --help".
--rules-file= File to which rules are commited (default: /etc/lpfw.rules)
--logging_facility= Where to write logs. Possible values stdout(default), file, syslog
--log-file= If --logging_facility=file, then this is the file to which to write logging information. Default /tmp/lpfw.log
--pid-file= Pidfile which prevents two instances of lpfw being launched at the same time. Default /var/log/lpfw.pid
--cli-path= Path to lpfwcli ncurses frontend. It will be launched in xterm window. Default: in the same folder as lpfw
--gui-path= Path to a standalone graphical frontend. Default: in the same folder as lpfw
--guipy-path Path to python-based graphical frontend lpfwgui.py. It will be launched in python. Default: in the same folder as lpfw
--log-info= --log-traffic= --log-debug= Enables different levels of logging. Possible values 1 or 0 for yes/no. Default: all three 1.
To invoke a frontend, issue the following; lpfw --cli Ncurses lpfw --gui Standalone lpfw --guipy Python-based
Limitations in the unregistered version
- lpfwcli can be invoked only from within X session, it can't work under pure tty(for security reasons).
- Only one program can send ICMP packets simultaneously, if more than one does, LPFW blocks both.
- Only IPv4 is supported, IPv6 support is underway.
- A combination of exceptionally large executables(20Mb+) + slow CPU may result in a 2+ seconds delay when an application connects to the web for the first time, due to heavy calculations performed by sha512 checksumming function.
- Only TCP, UDP, ICMP (partly, see above) protocols are supported. If your system happens to use any other transport protocol besides TCP/UDP/ICMP and you don't want those packets discarded by lpfw, consider adding a rule to iptables something like: >>> iptables -I OUTPUT 1 -p udplite -j ACCEPT
What's new in Leopard Flower 0.4 RC3:
- Graphical frontend introduced both as a standalone executable or as a python application.
- Significantly decreased CPU usage on torrent upload.
- LPFW now filters incoming connections.
- If an app terminates or it's rule gets deleted, LPFW terminates all active connections for that app.
Leopard Flower 0.4 RC3
add to watchlist add to download basket send us an update REPORT- runs on:
- Linux
- main category:
- System
- developer:
- visit homepage
IrfanView 4.67
Bitdefender Antivirus Free 27.0.35.146
7-Zip 23.01 / 24.04 Beta
calibre 7.9.0
Context Menu Manager 3.3.3.1
Zoom Client 6.0.3.37634
4k Video Downloader 1.5.3.0080 Plus / 4.30.0.5655
ShareX 16.0.1
Windows Sandbox Launcher 1.0.0
Microsoft Teams 24060.3102.2733.5911 Home / 1.7.00.7956 Work
- ShareX
- Windows Sandbox Launcher
- Microsoft Teams
- IrfanView
- Bitdefender Antivirus Free
- 7-Zip
- calibre
- Context Menu Manager
- Zoom Client
- 4k Video Downloader