On Fri, 17.08.07 02:30, Bastien Nocera (bnocera@xxxxxxxxxx) wrote:

> > Anybody for firewall2allow? (:
> > Maybe Lennart can fix it too? :)
>
> Here's an old entry in my bookmarks:
> http://0pointer.de/lennart/projects/fieryfilter/
> http://0pointer.de/lennart/projects/fieryfilter/fieryfilter.png
>
> This probably needs UI love, and use of D-Bus instead of Unix sockets
> for the admin rights, but the idea is there.

Fieryfilter used the userspace QUEUE netfilter target to do its work. That sucked big time, because if the user didn't click away his dialogs quick enough the sender would repeat its packet, which is difficult to deal with if you don't want to accumulate dialogs for the same packets.

If someone wants to investigate the whole desktop firewall for Linux thing a little more, I think it would make more sense to write an LSM module for that kernel that intercepts the socket calls (i.e., accept(), listen(), connect() and friends) and relays them to userspace for a verdict. Would be much cleaner and simpler. And would also be a good excuse to keep LSM in the kernel. ;-)

(Hmm, that could also be integrated with PolicyKit...)

Last time I looked it was difficult to stack LSMs, hence this all is not trivial.

When you do all that (moving it on the D-Bus, a new UI and basing the work on LSM instead of netfilter) then you would not be able to keep a single line of code of the old fieryfilter.

Lennart

--
Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net         ICQ# 11060553
http://0pointer.net/lennart/           GnuPG 0x1A015CC4

--
Fedora-desktop-list mailing list
Fedora-desktop-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
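The retransmission problem described above (the peer repeats its packet while the dialog is still open, so a naive QUEUE handler opens one dialog per packet), modelled as an added example that is not fieryfilter's code: a small verdict table keyed by the 5-tuple parks retransmissions on the dialog already open for that flow and caches the user's answer, so a flow is asked about exactly once. All names (`on_queued_packet`, `on_user_verdict`, the outcome codes) are constructed for this illustration, and the packet "events" are plain scalar arguments rather than real netfilter queue messages.

```c
#include <stdint.h>
#include <string.h>
/* Constructed model, not fieryfilter's code: one table entry per 5-tuple, so a
 * retransmitted packet is parked on the dialog already open for its flow instead
 * of opening another, and the user's answer is cached for later retransmissions. */
enum verdict { PENDING = 0, ACCEPT, DROP };
enum outcome { NEW_DIALOG, COALESCED, AUTO_ACCEPT, AUTO_DROP, TABLE_FULL };
struct entry { int used; uint32_t saddr, daddr; uint16_t sport, dport; uint8_t proto;
               int parked; enum verdict v; };   /* parked: packets awaiting the answer */
#define MAX_ENTRIES 16
static struct entry table[MAX_ENTRIES];
static int dialogs_opened;

static struct entry *lookup(uint32_t sa, uint32_t da, uint16_t sp, uint16_t dp, uint8_t pr) {
    for (int i = 0; i < MAX_ENTRIES; i++) {
        struct entry *e = &table[i];
        if (e->used && e->saddr == sa && e->daddr == da && e->sport == sp &&
            e->dport == dp && e->proto == pr)
            return e;
    }
    return NULL;
}

/* Called for every packet the kernel queues to userspace. */
enum outcome on_queued_packet(uint32_t sa, uint32_t da, uint16_t sp, uint16_t dp, uint8_t pr) {
    struct entry *e = lookup(sa, da, sp, dp, pr);
    if (e) {
        if (e->v == ACCEPT) return AUTO_ACCEPT;   /* already answered: no new dialog */
        if (e->v == DROP) return AUTO_DROP;
        e->parked++;                              /* retransmission while still asking */
        return COALESCED;
    }
    for (int i = 0; i < MAX_ENTRIES; i++)
        if (!table[i].used) {
            table[i] = (struct entry){ 1, sa, da, sp, dp, pr, 1, PENDING };
            dialogs_opened++;
            return NEW_DIALOG;
        }
    return TABLE_FULL;   /* fail closed: caller drops rather than queuing without bound */
}
/* User answered: returns how many parked packets now get the verdict, -1 if none pending. */
int on_user_verdict(uint32_t sa, uint32_t da, uint16_t sp, uint16_t dp, uint8_t pr, enum verdict v) {
    struct entry *e = lookup(sa, da, sp, dp, pr);
    if (!e || e->v != PENDING || v == PENDING) return -1;
    int n = e->parked; e->parked = 0; e->v = v;
    return n;
}

int dialogs_count(void) { return dialogs_opened; }
void reset_state(void) { memset(table, 0, sizeof table); dialogs_opened = 0; }
```

With three copies of the same SYN arriving before the user answers, the table opens one dialog and reports three parked packets when the verdict is given; a fourth copy arriving afterwards is decided from the cached answer.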