Application Base Firewall - Repo Required

Report Bugs, Issues and non- package Requests
Post Reply
Message
Author
User avatar
penguin
Posts: 260
Joined: Wed Jan 04, 2017 3:15 pm

Application Base Firewall - Repo Required

#1 Post by penguin »

Hi Stevo.

I know that would be difficulty, but will be great to have in MX Linux Repo, one of the follow Appilcation Based Firewalls.
Douane
Leopard Flower
OpenSnitch
or another one similar to them
Gufw is great but it is difficulty to block an personal appkication with it.

User avatar
ChrisUK
Qualified MX Guide
Posts: 299
Joined: Tue Dec 12, 2017 1:04 pm

Re: Application Base Firewall - Repo Required

#2 Post by ChrisUK »

There aren't any for Linux, they are either no longer developed, buggy, or both... including the ones you've listed.

Opensnitch looked promising, but I've not seen any development on it since July last year.
Chris

MX 18 MX 19 - Manjaro

User avatar
Duliwi
Posts: 942
Joined: Sun Jul 07, 2019 9:34 am

Re: Application Base Firewall - Repo Required

#3 Post by Duliwi »

I would also appreciate to have Appilcation Based Firewall.

It looks like "Douane" is still developed.
https://gitlab.com/douaneapp/Douane
Not very busy, but there are always changes from time to time.

And there seems to be a much more up-to-date version of opensnitch:
https://github.com/gustavo-iniguez-goya/opensnitch

What do you think? Thank you.

SwampRabbit
Posts: 3602
Joined: Tue Jun 14, 2016 2:02 pm

Re: Application Base Firewall - Repo Required

#4 Post by SwampRabbit »

Duliwi wrote: Fri Oct 02, 2020 4:48 pm And there seems to be a much more up-to-date version of opensnitch:
https://github.com/gustavo-iniguez-goya/opensnitch

What do you think? Thank you.
I have been watching opensnitch for awhile, but I don’t see the point in providing it to users when the developers states this
Disclaimer

THIS SOFTWARE IS A WORK IN PROGRESS, DO NOT EXPECT IT TO BE BUG FREE AND DO NOT RELY ON IT FOR ANY TYPE OF SECURITY.
Looks like it should build though. But what is the point of a firewall if you can’t rely on it?
NEW USERS START HERE FAQS, MX Manual, and How to Break Your System - Don't use Ubuntu PPAs! Always post your Quick System Info (QSI) when asking for help.

User avatar
Duliwi
Posts: 942
Joined: Sun Jul 07, 2019 9:34 am

Re: Application Base Firewall - Repo Required

#5 Post by Duliwi »

Thank you for your statement.

I don't know. But maybe the developers are just over-cautious and will never remove this text.
Is a security software safer, if the developers don't write such a notice?
Maybe this is just a disclaimer to exclude any liability. And it applies in principle to all security software at every stage of development.

But maybe the successor project "https://github.com/gustavo-iniguez-goya/opensnitch" simply has the disclaimer from the pre-project "https://github.com/evilsocket/opensnitch" taken over.

SwampRabbit
Posts: 3602
Joined: Tue Jun 14, 2016 2:02 pm

Re: Application Base Firewall - Repo Required

#6 Post by SwampRabbit »

If it was 100% stable, secure, and ready for use the developer would remove that comment.

We can package it, but we can’t support issues if the developer isn’t. It hasn’t been updated since July BTW, not sure why.

Edit: note I said 100%, doesn’t mean you can’t use it, but it’s like having an airbag in your car when the manufacturer says “well, I wouldn’t trust it”.
NEW USERS START HERE FAQS, MX Manual, and How to Break Your System - Don't use Ubuntu PPAs! Always post your Quick System Info (QSI) when asking for help.

SwampRabbit
Posts: 3602
Joined: Tue Jun 14, 2016 2:02 pm

Re: Application Base Firewall - Repo Required

#7 Post by SwampRabbit »

opensnitch needs some work to get packaged, the developer nests the opensnitch-ui in opensnitch but builds it separately.
They include the debian build directories for both, but the opensnitch-ui is folder is inside of the opensnitch folder.

I was able to separate out the packages into individual ones and build them, but I haven't tested them to make sure nothing breaks while doing this.

I also want to ask the developer if they can create a separate repo for opensnitch-ui or work to make it so both can be built all at once.
One or the other is a correct way, but the way things are now is not right. Plus this creates a ton of unnecessary work separating them out and packaging as it is right now.
NEW USERS START HERE FAQS, MX Manual, and How to Break Your System - Don't use Ubuntu PPAs! Always post your Quick System Info (QSI) when asking for help.

User avatar
Duliwi
Posts: 942
Joined: Sun Jul 07, 2019 9:34 am

Re: Application Base Firewall - Repo Required

#8 Post by Duliwi »

Thank you.

Maybe I will try an other way to block internet access for particular Programs. And misuse the sandboxing program firejail for this.

Post Reply

Return to “Bugs and Non-Package Requests Forum”