Hi folks,

one week without internet at home and I started to write an iptables generator with simple firewall functions. I used the N900 as a router and the poor bandwith forced me to use local stuff on my computer like programming.

Now it is already a little sweet application, I want to share. But still there is lot of room for improvements.
Keep attention when you want to use logging and installing sysklogd it can fill up root memory. At the moment the application itself read the log file from /home/user/.genwall/iptables.log (you can configure /etc/syslog.conf for that).

All files genwall creates are in "/home/user/.genwall/".
"gen" button = generates firestart.sh
"start" button = runs the script
"stop" button = generates and runs firestop.sh script

The script is based on this example:
http://www.debuntu.org/iptables-how-...-connection-p3
There are the same chains defined but here you can choose logging or not.



requirements:
- you need to start application as root
- iptables of course
- sudser (only if you want to start with desktop icon) no more needed since v1.0.1
- rootsh for gainroot
- sysklogd (only if you want to enable logging)


Changelog v1.0.1
- added start script for application icon
- small fix in save widget option
- added sysinfo to about dialog
- added rootsh and iptables to dependencies

Changelog v1.0.0 (release candidate)
- Layout changes
- removed button bugs
- removed syslog related pid bug
- removed listwidget add bug no double item
- added syslog handler
- added log view
- added filter options for log view
- added extra rule creator for log view
- added icmp handling
- added filter view
- added nat view
- added output handling
- added root password Authentication
- added add/remove gateway
- added dns resolv
- added runtime add rule for log view and lo ports
- added runtime remove rule for filter view
- added save & load function for widget option

Changelog v0.0.2 (patched prerelease)
- removed add forward port bug
- removed load bug listwidget gets cleared before loading
- improved local port handling
- added function extra rules
- added function clear all to listwidgets
- added pidof syslogd, klogd
- added notifications for start, stop, gen

v0.0.1 (prerelease)

For more screenshots and little description go to:

http://www.setius.net/n900_genwall.html

Have fun generating your rules. Comments are welcome.

Old Deb file v0.0.2 by sifo

For N900 the application is in extras-devel now.
For N9(50) the application is in a very experimental stage.

unbelievable how much time you find yourself with without I-Net, huh

thanks!

going to install it on test dev & let you know how it works; usually only use to exchange files between the two N900s or to sync backup on PC.
if that behaves / works on test dev i'll give it a try on primary & test "Qt Mobile Hotspot" as well

may take a couple days, though

Excuse my ignorance as I run or install the script

genwall_v0.0.1_binary_armel.tar.gz contains the compiled ready to run genwall executable.
on windoooooz use 7zip to unpack it

• copy it into /usr/sbin e.g after copying it over from your PC to [N900]
• open an X-Terminal
• Code:

  root
  mv /home/user/MyDocs/genwall /usr/sbin
  chmod 755 /user/sbin/genwall
  genwall &
  exit
  exit

you only need to do mv and chmod the 1st time
after that simply become root & start it

i am gonna test it soon i get back home . Thanks ,been waiting for such kinda thing for long.Great stuff

Thank you very much, it works without problems

Thank you misterc for explaining. And sorry for my poor explanation. This application is atm a prerelease so only binary. I think it will grow in the future to a deb package and will get a shortcut

However you can run it also at user, the script that will be generated from the application uses gainroot to execute iptables.
I don't know if you run it the first time as root if it still working as user. It could be that after executing as root at first time that the user don't have the rights to the created directory and script. I will look and report.

And sorry for using windows shame on me. For linux I need to install the designer I have only installed the scratchbox environment.

@imo you are welcome. I wanted such application too and makes me happy that it is also useful for other people.

@D@vIcHoJD good to hear.

thank you Halftux for this useful app btw the UI reminds me of fAircrack :-D

What's the UI created with? Qt or GTK? What's the control for the buttons/tabs on the left?

Halftux,

thank you for the clarification.
however, if the executable is in /usr/sbin only root (or the system) will actually be able to start it
if the user should be able to start it as well, put it in /usr/bin
you still need to be root to place it there.
alternatively, as it doesn't have any location related dependencies (good coding ) put it anywhere where user has access and start it with absolute path (e.g. /home/user/MyDocs/genwall or ./genwall )

personally i feel a firewall belongs in /usr/sbin