fireflier 1.99 Beta2 review
fireflier is a firewall tool, which is built on top of the iptables framework. It all started in February 2002, when I was sitting at my computer and doing the firewall settings for a small server. I realized that, although I know about firewall rules, my desktop machine, with which I was working all the time, was not secure.
The reason for this was very simple: It was just too annoying to modify the rules all the time when I wanted to try something new (Shoutcasting, Samba, ...).
At that time I started searching for a tool to easily manage my firewall rules, but at that time my search was not successful. So I decided to write my own tool, which I wanted to be able to manage a firewall in a very convenient way. As I did some research, I soon realized that iptables offered a very convenient possibility to pass packets down to userspace.
And so I started to write FireFlier, which should provide a personal firewall - easy to manage and with a nice interface.
Anyways: as the installation is not very easy, this project is aimed at system administrators who know a little about kernel compilation and firewalls in general.
Nevertheless I will answer installation questions.
Here are some key features of "fireflier":
Client - Server:
FireFlier is designed as a Client/Server model, which enables you to run the firewall part on one computer and the interface for configuring the firewall on another computer.
Java/QT/Gtk Client:
There are three existing clients, which are compatible with the FireFlier server:
1. The Java client, which enables you to configure your firewall from any operating system (Windows, Mac OS X, ...).
2. The QT client, which works on Linux machines and looks quite nice (btw: the QT Client depends on QT 3.x).
3. And the Gtk client, which looks quite nice, too ;)
Interaction:
As every packet which is not yet matched by any rule appears automatically in the interface, you have the possibility to accept or deny single packets, or to create rules based on these packets.
Filtering by application:
FireFlier is also capable of filtering by application. So you are, for example, able to simply allow your ICQ client to do anything it wants.
Timing-out rules:
Consider the situation that you want to allow a friend to access your computer for downloading some stuff. Granting him access to do that would usually mean that you would have to block him again a few hours later to "secure" your firewall. This is a task which can be done by FireFlier itself. When you accept the packets, you just tell it that the rule is only valid for 6 hours. After these six hours, the rule times out and you get a request again if there is another connection from his computer.
Requirements:
kernel >=2.4.x
FireFlier uses the new iptables firewall framework for its firewall management.
kernel 2.6.x has been tested and works too.
ip_queue
FireFlier needs the userspace queuing facility of the kernel to do its work. This module is part of the official kernel release, though you will have to activate the experimental code options (Code maturity level options --> Prompt for development and/or incomplete code/drivers).
Afterwards you will find the userspace queueing option available (Network options --> IP: netfilter configuration --> Userspace queueing via NETLINK).
Although this code is marked as experimental, I never had any problems with it (which is of course no guarantee).
root privileges
As FireFlier wants to modify the firewall rules, it has of course got to be root. (This applies only to the server!)
external program to save iptables rules
FireFlier itself does NOT save the iptables rules. You will have to use some other program (or script) to do this.
BUT: All rules which filter access for applications are saved by FireFlier, as they are not accessible from outside of FireFlier. These rules are saved in /var/lib/usrules.dat.
openssl libraries
As every connection between the server and the client is encrypted, you will also need the openssl libraries to compile FireFlier.
QT-Client
QT 3.x
At the moment the QT Client can only be compiled using QT 3.x.
openssl libraries
As every connection between the server and the client is encrypted, you will also need the openssl libraries to compile FireFlier.
Java Client
Java 1.2+
The Java client should work without any problems with Java 1.2 or higher. It may be that older versions work, but I have not tested them. I am interested in any information about this topic.
SSL is already included in the FireFlier package.
What's New in This Release:
GTK client included