fwdaemon 0.1.3

fwdaemon is a Linux networking firewall runtime backend.
fwdaemon is a Linux networking firewall runtime backend. Any client application can communicate to the fwdaemon and decide which network flow could be accepted or which should be dropped.

Here are some key features of "fwdaemon":

running in realtime,
adding / removing rules for runtime packet management,
enqueue application tcp requests (rules can be build based on query entries).

If you have above software installed try to 'make'.

fwdaemon must be run from root account. You'll also need configuration files (see desktopfw directory in a package, copy this directory to /etc, you should have 3 files in /etc/desktopfw: apps, config, rules).

How it works:

fwdaemon connects to NFQUEUE and captures incoming and outgoing packets. When new tcp connection occures fwdaemon scans /proc directory to find out which application is source/target and decide (using rules) what to do. If no rule is matched, connection is queued and waits for user interaction. User connected to fwdaemon can see what rules are already exists, what packets are queued and waits for user interaction.

How to use:

You can telnet at localhost, port 32123. Available commands you'll get after LIST command. More information about commands - see protocol_commands.txt in the package.

Iptables part:

You need a rules in iptables INPUT/OUTPUT chains. See scripts/00_only_tcp.sh.

What is implemented:

Currently I tested tcp protocol. I'm sure there's many bugs in it but publishing a working code will increase development speed. My friend has started to write a kde applet.

What's the plan? I always wanted to have a linux runtime firewall. At this moment I found only one method how to manage a packets in realtime. This is NFQUEUE target which allows a user to make a packet decision in userspace. I'm writing fwdaemon as a separate application. If you want to write a gui application you're welcome.


NFQUEUE target compiled in your kernel
glib 2.x

What's New in This Release:

NLIF enumeration has been corrected. In the protocol, a newline is added to allow easy detection of the end of output command data.

last updated on:
August 5th, 2008, 2:38 GMT
license type:
GPL (GNU General Public License) 
developed by:
Zbigniew Michal Kempczynski
ROOT \ System \ Networking
Download Button

In a hurry? Add it to your Download Basket!

user rating 10



Rate it!

Add your review!