Ubuntu – Any Application level firewall for Ubuntu 16.04? (with GUI)

firewall software-recommendation

I must confess that I'm very new to the Linux world, and there are concepts that seem very unfamiliar to me.

One thing I miss the most is a good yet simple application level firewall. As of now, with all this pervasive, intrusive and permanent connectivity to the internet, it is a must to know what exactly your computer is doing, why and with whom. A protocol analyzer is OK but so unfriendly and time-consuming to "analyze" that it is practically useless for home users.

I have discovered a lot of programs in Windows environments that should not connect to the internet but they do (and with my ZoneAlarm free firewall I can stop them).

With Gufw (and several others) you have to know which apps you already have installed (and we know that this is almost impossible with these modern OSes with billions of lines of code).

What I'm looking for is a firewall that monitors the NIC/WAN connection and proactively detects any program/app or whatever trying to "talk" through it, regardless of the port it is trying to use (most of the apps I mentioned earlier try to connect using well-known TCP ports: 80, 443, 8080). Does this exist? (If not, then how do I know for sure what my computer is doing?)

Best Answer

Douane

Douane is a personal firewall that protects a user's privacy by allowing a user to control which applications can connect to the internet from their GNU/Linux computer.


Installation

Until now (2017/05/22) there aren't any Ubuntu packages available. You must build it from source.

These installation instructions are based on information from the Douane Wiki and tested on Ubuntu 16.04.2 64-bit.

Open a terminal (Ctrl+Alt+T) to run the commands.

Preparation

Update your system:

sudo apt update
sudo apt full-upgrade

If you get a notification asking to restart your computer, then restart it.

Install the dependencies

sudo apt install git build-essential dkms libboost-filesystem-dev libboost-regex-dev libboost-signals-dev policykit-1 libdbus-c++-dev libdbus-1-dev liblog4cxx10-dev libssl-dev libgtkmm-3.0-dev python3 python3-gi python3-dbus

Create a directory for compilation

cd
mkdir Douane
cd Douane

Build the kernel module

git clone https://github.com/Douane/douane-dkms
cd douane-dkms
sudo make dkms

Check if the module was built and installed correctly:

lsmod | grep douane

You should see something like:

douane                 20480  0

Build the daemon

cd ~/Douane
git clone --recursive https://github.com/Douane/douane-daemon
cd douane-daemon
make
sudo make install

Build the dialog process

cd ~/Douane
git clone --recursive https://github.com/Douane/douane-dialog
cd douane-dialog
make
sudo make install

Start the dialog process:

/opt/douane/bin/douane-dialog &

Then check if it is running:

pgrep -a douane-dialog

You should see something like:

21621 /opt/douane/bin/douane-dialog

Build the configurator

cd ~/Douane
git clone https://github.com/Douane/douane-configurator
cd douane-configurator
sudo python3 setup.py install

Start the daemon and set up automatic starting

I had to insert the following text in the file /etc/init.d/douane in order to enable the automatic starting of the daemon:

### BEGIN INIT INFO
# Provides:          douane
# Required-Start:
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Douane firewall
### END INIT INFO

Open the file for edit:

sudo nano /etc/init.d/douane

Then paste the above text after the program description. Press Ctrl+O, Enter to save, then Ctrl+X to exit the editor.

These are the first 21 lines of the file after I inserted the text:

#!/bin/bash
#
# douane      This shell script takes care of starting and stopping
#             douane daemon (A modern firewall at application layer)
#
# Author: Guillaume Hain zedtux@zedroot.org
#
# description: douane is the daemon process of the Douane firewall application. \
# This firewall is limiting access to the internet on application bases.

### BEGIN INIT INFO
# Provides:          douane
# Required-Start:
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Douane firewall
### END INIT INFO

# Source function library.
. /lib/lsb/init-functions

Now you can set up the auto start and start the daemon:

sudo systemctl daemon-reload
sudo systemctl enable douane
sudo systemctl start douane

Activate the filter and auto start the dialog

Start the configurator:

douane-configurator

Then make sure the switches Use Douane to filter my network traffic and Auto start Douane on boot are both turned on.

You can review the filtering rules in the Rules tab. Right-clicking a rule gives you an option to delete it.

Test

If everything is fine you should see the Douane window asking for permission when you open applications that use network connections.
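
A post-install check for the steps above, as an added example that is not part of the original answer or the Douane project. It uses the module name, process name and init script path from the answer; the script name `douane-check.sh`, the `--check` argument and the `INIT_SCRIPT` override are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not Douane project code): verifies the install steps above.
# Names and paths (douane module, douane-dialog, /etc/init.d/douane) are the
# ones used in the answer; INIT_SCRIPT can be overridden for testing.
INIT_SCRIPT=${INIT_SCRIPT:-/etc/init.d/douane}

# Succeeds if lsmod-style text on stdin lists a module named exactly "douane".
module_listed() {
    awk '$1 == "douane" { found = 1 } END { exit !found }'
}

# Succeeds if the file has an LSB INIT INFO block that provides "douane"
# and names at least one Default-Start runlevel.
has_lsb_header() {
    [ -r "$1" ] || return 1
    awk '/^### BEGIN INIT INFO/ { blk = 1 }
         /^### END INIT INFO/   { blk = 0 }
         blk && $2 == "Provides:" && $3 == "douane" { p = 1 }
         blk && $2 == "Default-Start:" && NF >= 3   { s = 1 }
         END { exit !(p && s) }' "$1"
}

# Runs one check quietly, prints its result, and counts failures.
check() {
    label=$1; shift
    if "$@" >/dev/null 2>&1; then
        echo "[ OK ] $label"
    else
        echo "[FAIL] $label"; failures=$((failures + 1))
    fi
}

module_loaded() { lsmod | module_listed; }

check_douane() {
    failures=0
    check "kernel module loaded"       module_loaded
    check "LSB header in $INIT_SCRIPT" has_lsb_header "$INIT_SCRIPT"
    check "daemon enabled at boot"     systemctl is-enabled douane
    check "daemon running"             systemctl is-active douane
    check "dialog process running"     pgrep douane-dialog
    [ "$failures" -eq 0 ]
}

# Run the checks only when asked, e.g.: sh douane-check.sh --check
if [ "${1:-}" = "--check" ]; then check_douane; fi
```

A failed "LSB header" line points back to the init script edit described in the answer, and a failed "kernel module loaded" line is worth rechecking after a kernel update.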
