I must confess that I'm very new to the Linux world, and there are concepts that seem very unfamiliar to me.
One thing I miss the most is a good yet simple application-level firewall. As of now, with all this pervasive, intrusive and permanent connectivity to the internet, it is a must to know what exactly your computer is doing, why and with whom. A protocol analyzer is ok, but it is so unfriendly and time-consuming to "analyze" that it is practically useless for home users.
I have discovered a lot of programs in Windows environments that should not connect to the internet but they do (and with my ZoneAlarm free firewall I can stop them).
With Gufw (and several others) you have to know which apps you already have installed (and we know that this is almost impossible with these modern OSes with billions of code lines).
What I'm looking for is a firewall that monitors the NIC/WAN connection and proactively detects any program/app or whatever trying to "talk" through it, regardless of the port it is trying to use (most of the apps I mentioned earlier try to connect using well-known TCP ports: 80, 443, 8080). Does this exist? (If not, then how do I know what my computer is doing for sure?)
Best Answer
Douane
Installation
Until now (2017/05/22) there aren't any Ubuntu packages available. You must build it from source.
These installation instructions are based on information from the Douane Wiki and tested on Ubuntu 16.04.2 64-bit.
Open a terminal (Ctrl+Alt+T) to run the commands.
Preparation
Update your system:
If you get a notification asking to restart your computer, then restart it.
Install the dependencies
Create a directory for compilation
Build the kernel module
Check if the module was built and installed correctly:
You should see something like:
Build the daemon
Build the dialog process
Start the dialog process:
Then check if it is running:
You should see something like:
Build the configurator
Start the daemon and setup automatic starting
I had to insert the following text in the file /etc/init.d/douane in order to enable the automatic starting of the daemon:
Open the file for edit:
Then paste the above text after the program description. Press Ctrl+O, Enter to save, then Ctrl+X to exit the editor.
These are the first 21 lines of the file after I inserted the text:
Now you can set up the auto start and start the daemon:
Activate the filter and auto start the dialog
Start the configurator:
Then make sure the switches Use Douane to filter my network traffic and Auto start Douane on boot are both turned on.
You can review the filtering rules in the Rules tab. Right-clicking a rule gives you an option to delete it.
Test
If everything is fine, you should see the Douane window asking for permission when you open applications that use network connections.
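The question's last point, knowing which program is talking to which remote address whatever the port, can also be checked by hand from the kernel's own tables. The following is an added example, not part of the answer above and not Douane's code: it decodes `/proc/net/tcp` and matches each socket inode to the program holding it. The function names are this example's own, the sample table is constructed, and it assumes IPv4 on a little-endian host; it gives a snapshot and does not block anything.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0000000000000000 100 0 0 10 0
   1: 0A01A8C0:D2F0 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20002 1 0000000000000000 20 4 30 10 -1
   2: 0A01A8C0:D2F2 076433C6:0050 02 00000001:00000000 01:00000064 00000000  1000        0 20003 1 0000000000000000 20 4 30 10 -1
"""
STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "0A": "LISTEN"}

def decode(hexpair):
    """'0A0200C0:01BB' -> ('192.0.2.10', 443); assumes a little-endian host."""
    addr, port = hexpair.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)

def outbound(table_text):
    """Rows that have a remote peer, i.e. everything except listening sockets."""
    rows = [line.split() for line in table_text.splitlines()[1:]]
    return [{"remote": decode(f[2]), "state": STATES.get(f[3], f[3]), "inode": f[9]}
            for f in rows if len(f) >= 10 and decode(f[2])[0] != "0.0.0.0"]

def socket_owners():
    """Map socket inode -> (pid, program path) via /proc/<pid>/fd; root sees all."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            name = os.readlink(f"/proc/{pid}/exe")
            for fd in os.listdir(f"/proc/{pid}/fd"):
                target = os.readlink(f"/proc/{pid}/fd/{fd}")
                if target.startswith("socket:["):
                    owners[target[8:-1]] = (int(pid), name)
        except OSError:
            continue  # process exited, or it is not readable by this user
    return owners

def report(table_text, owners):
    """One line per connection: program(pid) -> remote ip:port state."""
    lines = []
    for c in outbound(table_text):
        pid, name = owners.get(c["inode"], ("?", "unknown"))
        lines.append(f"{name}({pid}) -> {c['remote'][0]}:{c['remote'][1]} {c['state']}")
    return lines

if __name__ == "__main__":  # live table on Linux, constructed sample elsewhere
    live = os.path.exists("/proc/net/tcp")
    text, owners = (open("/proc/net/tcp").read(), socket_owners()) if live else (SAMPLE, {})
    print("\n".join(report(text, owners)))
```

Run it with sudo to resolve sockets owned by other users; connections shown as `unknown(?)` belong to processes the current user cannot inspect or that have already exited.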