New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider adding SubGraph's "fw-daemon" tool #1757
Comments
What's the purpose? Can / should it contain a malicious application
trying to circumvent it?
I find these a PITA. And last time I checked these personal firewalls,
not capable of containing malicious applications.
|
@adrelanos not sure I understand what you're saying. This tool (like LittleSnitch) is really useful in letting a user know things like:
The former is just intrusive data mining / reporting that usually goes unnoticed. The later could be a sign of malware. Both of which are helpful to users. |
The output of such tools is not reliable as in not to be trusted. lightbeam (firefox add-on) and perhaps noscript are better suited to Brennan Novak:
I think it's up to us distribution maintainers not to pre-install such Such as people loudly complained about the Ubuntu search box amazon data
As soon as such tools get pre-installed by default on a considerable |
Such tool can be useful for training your firewall. To setup firewall for particular VM to access only resources you want. For example: |
@adrelanos because users never install software on their own? And they don't all know how to use Wireshark or netstat? I ran Atom Editor by Github for months (on my Qubes) machine, before I used it again on my Mac and LittleSnitch informed me there was a "debugging" module enabled by default that submitted to We might want to enable |
I like this idea.
Granted, if your bank starts serving up malware you won't detect that. But
you also won't be connecting to near as many hosts. So it lowers your
threat level.
|
Closing as retroactive duplicate of #2350, per #2350 (comment). |
The folks at SubGraph OS have made a really handy tool they call
fw-daemon
which monitors network requests and allows the user to allow / disallow specific requests. The daemon presents a focus grabbing widget that looks like:I think this is highly useful helping users better understand when certain applications are sending their data and where. SubGraph based their tool on LittleSnitch which is MacOS and I really miss on Linux. SubGraphs tool is not packaged yet, but we should look into the feasibility of integrating it with Qubes once it gets more refined. I assume making VM specific firewall rules will be a challenge if it is implemented differently!
The text was updated successfully, but these errors were encountered: