[Fwbuilder-discussion] Re: firewall with user interaction/netlink support

[Stefan S. <sst...@sy...>]

I just posted these messages you might be interested in to a kde 
mailinglist.
please answer personally since I'm not on this mailinglist.

> 
> Stefan Strasser schrieb:
> 
>> I hope I'm posting this to the right newsgroup.
>>
>> I wonder if there's any interest in implementing a kde application 
>> which uses the netfilter support for user interaction, a "personal 
>> firewall" for which you don't have to neccessarily set up rules but 
>> you are asked when an application is trying to access the net.
>> this especially enables you to allow access for one applcation(e.g. 
>> firefox) but disallow for another(e.g. a proprietary application 
>> trying to call home), which isn't that easy with normal netfilter 
>> rules(only way I can think of is introducing a unix group which is 
>> allowed to access the net. which causes problems for some applications).
>> have a look at sygate personal firewall for windows to see what I mean.
>>
>> so, I don't have time to learn kde/qt gui programming but I could do 
>> the network/daemon stuff.
>> maybe it's best to add this feature to an existing firewall app like 
>> knetfilter so you can combine rules with user interaction.
>> (unfortunately I couldn't look at knetfilter since it claims my 
>> kernel(2.6.8) doesn't support netfilter but it does)
>>
>> send me an email if you're interested in that kind of application, 
>> even if you don't have the time or knowledge to help implementing it.
>>
>>
> 
> (...)
> 
>  > you're right, but the kernel already has support for this.
>  > there is a special iptables target called QUEUE which lets a userspace
>  > application decide if the packet is to be rejected or accepted.
>  > among other information you can get the pid of the sending process and
>  > the IP packet itself(destination, port etc) to do this.
>  > but up to now there is no userspace application for this I'm aware of.
>  >
> 
> 



-- 
Stefan Strasser