Adding Douane Firewall to the Trisquel repositories?

10 replies [Last post]
Ishamael
Offline
Joined: 08/29/2014

Distrowatch discussed a Firewall Program a while back that blocks all network activity by default, and allows connections that are whitelisted. When an attempt to connect is made the user is alerted and able to choose whether to allow or block the connection. This approach is superior to trying to hunt down and blacklist every possible connection of virtually infinite misbehaving services-Hosts.

Would it be possible to add this Program to the repositories? That way it would be easily installed without any problems. I compiled it from its git repository and it seems to have successfully installed, and runs. It blocks connections, but doesn't prompt me to whitelist programs. I must have done something wrong, I may have installed components, followed the steps in the incorrect order. If this was made available in the Trisquel repos, users who want to secure their computers wouldn't have to worry about running into compile problems.

Maybe someone could help me solve my problem too?

Ishamael
Offline
Joined: 08/29/2014

Is this not possible? It's ok if it isn't. It just seems like a nice idea, but maybe someone could tell me yes, or no. Either answer is fine. If there is another program that can do this I'll install it. I just need to block all traffic, and whitelist individual processes as needed. Is there anyone here who has knowledge of this subject? What about the Comodo antivirus suite, I heard it has a firewall. Thanks

Calinou
Offline
Joined: 03/08/2014

Comodo is likely to be proprietary…

tomlukeywood
Offline
Joined: 12/05/2014

I found this on what looks like the project's homepage:
https://github.com/Douane/Douane

"The entire project is 100% open source under the GPL v2 licence."

Ishamael
Offline
Joined: 08/29/2014

@ Calinou

Yes I thought so as well, but I need something that performs this function, I'm having tons of network activity when the system should be idle, and tcpdump shows Russian IPs and other suspicious activity that might be better recognized by someone familiar with network security. I did find this during my build, perhaps it's not completely installed?

localhost@localhost:~/Douane/douane-daemon$ sudo make install
test -d /opt/douane || mkdir -p /opt/douane
test -d /etc/init.d/ || mkdir -p /etc/init.d/
test -d /etc/dbus-1/system.d/ || mkdir -p /etc/dbus-1/system.d/
install -m 0500 douaned /opt/douane
install -m 0755 init.d/douane /etc/init.d/
install -m 0644 system.d/org.zedroot.Douane.conf /etc/dbus-1/system.d/

localhost@localhost:~/Douane/douane-dialog$ sudo make install
test -d /opt/douane/bin || mkdir -p /opt/douane/bin
test -d /opt/douane/data || mkdir -p /opt/douane/data
install -m 0555 douane-dialog /opt/douane/bin
install -m 0755 data/* /opt/douane/data

@ tomlukeywood

Yeah, that’s why I really like the project. I'm going to donate if I can find an anonymous method; I think they deserve support for a project like this. This seems like the only sane way to run a firewall.

Ishamael
Offline
Joined: 08/29/2014

bump

Ishamael
Offline
Joined: 08/29/2014

Can anyone explain the "TEST" "INSTALL" options, maybe I need to give some kind of argument to proceed with these two components of the system. Any ideas of what kind of argument? Like I said, the rest of the components were installed fine seemingly.
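
The `test -d ... || mkdir -p ...` and `install -m MODE ...` lines in the output above are ordinary shell commands that `make` ran (create the directory if it is absent, then copy the file with that mode), so one way to confirm those steps took effect is to check each destination path and mode. The script below is an added example, not part of the thread or of the Douane project; it assumes GNU `stat`, and the `ROOT` prefix argument and `--run` switch are hypothetical conveniences.

```shell
#!/bin/sh
# Added example: verify the files that the two "make install" runs above
# report installing. Paths and modes are copied from that output.
# Assumption: GNU stat (stat -c %a).

# One "<octal mode> <path>" entry per installed file.
MANIFEST='500 /opt/douane/douaned
755 /etc/init.d/douane
644 /etc/dbus-1/system.d/org.zedroot.Douane.conf
555 /opt/douane/bin/douane-dialog'

# check_one ROOT MODE PATH: print a finding; return 1 if missing or wrong mode.
check_one() {
    target="$1$3"
    if [ ! -f "$target" ]; then
        echo "MISSING  $3"; return 1
    fi
    actual=$(stat -c %a "$target")
    if [ "$actual" != "$2" ]; then
        echo "MODE     $3 is $actual, expected $2"; return 1
    fi
    echo "OK       $3"
}

# check_douane_install [ROOT]: ROOT is a hypothetical optional prefix so the
# check can be pointed at a staging directory instead of /.
check_douane_install() {
    root="${1:-}"; bad=0
    while read -r mode path; do
        check_one "$root" "$mode" "$path" || bad=$((bad + 1))
    done <<EOF
$MANIFEST
EOF
    # "install -m 0755 data/* /opt/douane/data": file names are not shown in
    # the output, so require a non-empty directory whose files are all 0755.
    data="$root/opt/douane/data"
    if [ -z "$(ls -A "$data" 2>/dev/null)" ]; then
        echo "MISSING  /opt/douane/data (empty or absent)"; bad=$((bad + 1))
    else
        for entry in "$data"/*; do
            check_one "" 755 "$entry" || bad=$((bad + 1))
        done
    fi
    echo "$bad problem(s)"
    [ "$bad" -eq 0 ]
}

# Run against the live system with: sh script.sh --run
if [ "${1:-}" = "--run" ]; then check_douane_install "${2:-}"; fi
```

The check only reads file metadata, so it does not need root, and it covers just the daemon and dialog files listed in the quoted output.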

GNUser
Offline
Joined: 07/17/2013

I think this would be a good idea. If the code is mature enough, that is.

Ishamael
Offline
Joined: 08/29/2014

Thank You, I appreciate that. I still think the whitelisting approach is the best one. Also having a simple method of controlling traffic is great for someone like me who is struggling to understand, or learn iptables. I'll watch the git, and see if the project is getting regular updates.

GNUser
Offline
Joined: 07/17/2013

Yes, blocking all by default and accepting each one request is safer... but I am not sure if it will be simpler.
Anyway, that would avoid some stupid mistakes like running Tor and opening links in regular browser :P