
NIX: Douane - An application aware personal firewall


40hz:
UPDATE: Major problems with this app. See this post below.


Just saw a reference to this over on Distrowatch.

Looks like somebody coded a personal firewall (Douane) that is "application aware." First time something goes to connect to the web, it affords you the opportunity to allow or deny it. Your answer then becomes a rule that's stored for future use.


There's also a control panel that allows you to start and stop the firewall plus enable/disable/delete rules you've already created. This is very similar to how a Windows firewall called ZoneAlarm used to behave. Very convenient for a newbie user. It's also occasionally eye-opening when you see just which apps are seeking web access. And when.


Very handy IMO.

Douane is not in any repo so far. And the only semi-packaged version seems to be for Arch. Everybody else gets to "Git" and compile it. Not a big challenge as the devs published a very detailed page with all the steps necessary. Even a novice should be able to do it.

Lack of a distro-specific package isn't an issue for me. And I have no problem doing a compile. But my concern is that part of the installation process creates and installs a DKMS kernel module. This makes perfect sense for an app like a firewall. But I'm a little leery of allowing that when I don't know much about the app or its developers. Especially when it's a security app and includes a DKMS module which will auto-recompile when/if a new kernel gets installed. (Note: that last concern isn't valid - see mwb1100's post below.) Because what's benign and on the 'up & up' today may not be tomorrow.

So. Anybody have any direct experience or heard more about this thing or the folks behind it? :huh:

mwb1100:
Keep in mind that the auto-recompile done by the DKMS system uses the same source file that was already compiled for the kernel you were using - so the auto-recompile won't introduce any malicious code that wasn't already there.

Trusting the kernel module in the first place is a different story; at least the source is available for audit.  It's a single C file, but it would still probably take a fair bit of study to audit.
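
One way to act on the point above, as an added example that is not part of the original post or the Douane project: record SHA-256 hashes of the DKMS source tree at the time it was audited, then check for drift before a later kernel update triggers a rebuild. DKMS normally keeps module sources under /usr/src/<module>-<version>; the module name, version and manifest path shown in the comments are placeholders.

```shell
#!/bin/sh
# Added example: pin the DKMS source tree that was audited and detect drift.
# Placeholder usage (name, version and manifest path are assumptions):
#   sh dkms-pin.sh record /usr/src/MODULE-VERSION /root/MODULE.sha256
#   sh dkms-pin.sh check  /usr/src/MODULE-VERSION /root/MODULE.sha256
# Keep the manifest outside the tree and writable only by root.

# Print a sorted SHA-256 manifest of every regular file under a source tree.
manifest_create() (
    src_dir=$1
    [ -d "$src_dir" ] || { echo "no such tree: $src_dir" >&2; exit 2; }
    cd "$src_dir" || exit 2
    # NUL-separated names survive spaces; sorting makes the output stable.
    find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum
)

# Compare the tree with the audited manifest.
# Returns 0 if identical, 1 if any file was modified, added or removed,
# 2 if the tree could not be read.
manifest_verify() (
    src_dir=$1
    manifest=$2
    current=$(mktemp) || exit 2
    manifest_create "$src_dir" > "$current" || { rm -f "$current"; exit 2; }
    rc=0
    # The unified diff on stderr shows exactly which files drifted.
    diff -u "$manifest" "$current" >&2 || rc=1
    rm -f "$current"
    exit "$rc"
)

# Minimal command-line front end; does nothing when run without arguments.
case "${1:-}" in
    record) manifest_create "$2" > "$3" ;;
    check)  manifest_verify "$2" "$3" ;;
esac
```

Running `check` before each kernel upgrade confirms that the rebuild will compile the same source that was audited; it says nothing about whether that source was trustworthy in the first place.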

IainB:
Not sure I understand what is so special about this. I thought things like - for example - Windows 7 Firewall Control, were "application aware" - i.e., pretty much just as you describe above - no?

Shades:
@IainB
In my (very) limited experiences with Linux, most firewalls do not have a simple or easy interface. While these are powerful, it is easy to set these up insufficiently and/or incorrectly. Finding this out and fixing that isn't that easy, especially when you are accustomed to the Windows way of doing things.

The old ZoneAlarm firewall or SyGate firewall were good at their job and easy to set up. It would be nice to have such an easily configurable firewall on Linux.

40hz:
--- Quote ---
Not sure I understand what is so special about this. I thought things like - for example - Windows 7 Firewall Control, were "application aware" - i.e., pretty much just as you describe above - no?
-IainB (December 08, 2014, 01:24 PM)
--- End quote ---

I didn't think it was 'special' so much as it was easy and convenient. Firewall configuration on the Linux platform isn't all that user friendly. Especially for innocent newcomers. Even the 'easy' GUI tools to do it are decidedly geeky.

As far as what Windows' own firewall does, I don't have much to say other than it doesn't run on Linux - so it didn't enter into my admittedly limited thought process when I did the original post. ;)

UPDATE: Ah! I see Shades has already chimed in. To which I say: this!  ;D :Thmbsup:
