Will Gufw ever show active connections and intrusion attempts?

Asked by xwisdom

Hello,

I would like to know if Gufw will ever show things like Active Connections (similar to Firestarter) and event logs for attempted incoming connections on a port that's not allowed?

It would be very much appreciated if we could also use Gufw to deny access based on application (similar to ZoneAlarm for Windows) or by users/groups.

Question information

Language: English
Status: Answered
For: Gufw
Assignee: No assignee

caio (caioborghoff) said :
#1

Features like "Active Connections" and "Blocked Connections" are at the top of my list for feature requests. They would make Gufw a perfect solution for me.

I'm new to Linux, but as far as I understand (someone please correct me if I'm wrong) there is no possibility to deny access based on application, because the Linux firewall is based on iptables and not application rules. I guess all Linux firewalls are just interfaces for editing iptables. They all basically use the same backend.

Network control based on applications is a feature that Windows users (I use Comodo Firewall) are very familiar with, because the OS has several applications that phone home for updates or for other obscure reasons, sometimes without user knowledge, which is a key feature of the vast amount of viruses and other pests. Due to vulnerabilities of several applications, including the OS, a tight control of which applications can connect to the network is an essential feature. But I guess Linux applications don't phone for updates, because this is controlled by the package managers. Additionally, since Linux is open source, applications with malicious code are easily spotted and removed from repositories. Not to mention the practical absence of Linux viruses.

So, I think you don't have to worry about denying access on an application basis. What you have to do is to use the blocklist import feature to prevent malicious users and web sites from connecting to your machine.

Tomas Gustavsson (tomplast) said :
#2

My knowledge of iptables is extremely limited but I was looking at something called libipq, which seems to be a library for relaying the traffic to a user program and then letting the program decide whether to let the traffic through or not; maybe that's how ufw is working, I have no idea.

If I don't remember it correctly netstat does show which program opens a particular connection, somehow maybe that can be used together with the above?

So, maybe I'm just delusional here or something. But at least I have to try ;).

Anakin Starkiller (sunrider) said :
#3

I use iptstate (a "top" utility for active connections) and fwlogwatch to log iptables events ;)

Vadim Peretokin (vperetokin) said :
#4

Probably not unless 'ufw' acquires this ability. Marcos believes that a separate purpose should be for the watching.
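
The "blocked connections" view requested in this thread can be approximated outside Gufw by summarizing what ufw already logs. This is an added example, not part of the thread and not Gufw or ufw code; it assumes ufw logging is enabled and writes `[UFW BLOCK]` lines in the kernel log's key=value format, and the sample lines and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (documentation IP ranges) in the kernel-log format
# ufw produces when logging is on. Not taken from a real host.
SAMPLE_LOG = """\
Mar  3 10:15:01 host kernel: [  101.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4242 DF PROTO=TCP SPT=51234 DPT=23 WINDOW=29200 SYN URGP=0
Mar  3 10:15:04 host kernel: [  104.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4243 DF PROTO=TCP SPT=51240 DPT=22 WINDOW=29200 SYN URGP=0
Mar  3 10:16:30 host kernel: [  190.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55 SRC=198.51.100.9 DST=192.0.2.10 LEN=103 TTL=60 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=83
Mar  3 10:16:31 host kernel: [  191.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55 SRC=198.51.100.9 DST=192.0.2.10 LEN=84 TTL=60 ID=77 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Mar  3 10:17:00 host kernel: [  220.000001] [UFW ALLOW] IN=eth0 OUT= MAC=00:11:22:33:44:55 SRC=192.0.2.50 DST=192.0.2.10 LEN=60 TTL=64 ID=9 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 SYN URGP=0
Mar  3 10:17:05 host kernel: [  225.000001] [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.200 LEN=60 TTL=64 ID=10 DF PROTO=TCP SPT=40100 DPT=6667 WINDOW=29200 SYN URGP=0
Mar  3 10:18:00 host kernel: [  280.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4250 DF PROTO=TCP SPT=51300 DPT=23 WINDOW=29200 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")   # KEY=value pairs; bare flags like SYN are skipped
MARKER = "[UFW BLOCK]"

def parse_blocked(line):
    """Return (src, proto, dport) for a blocked inbound packet, else None."""
    pos = line.find(MARKER)
    if pos == -1:
        return None                  # allowed traffic or unrelated kernel message
    fields = dict(FIELD.findall(line[pos + len(MARKER):]))
    # An empty IN= means the packet was generated locally (outbound), not an attempt on us.
    if not fields.get("IN") or "SRC" not in fields:
        return None
    dpt = fields.get("DPT", "")
    dport = int(dpt) if dpt.isdigit() else None   # ICMP has no destination port
    return fields["SRC"], fields.get("PROTO", "?"), dport

def summarize(log_text):
    """Count blocked inbound attempts per source address and per (proto, port)."""
    by_source, by_service = Counter(), Counter()
    for line in log_text.splitlines():
        hit = parse_blocked(line)
        if hit:
            src, proto, dport = hit
            by_source[src] += 1
            by_service[(proto, dport)] += 1
    return by_source, by_service

if __name__ == "__main__":
    by_source, by_service = summarize(SAMPLE_LOG)
    for src, n in by_source.most_common():
        print(f"{n:3d} blocked from {src}")
    for (proto, dport), n in by_service.most_common():
        print(f"{n:3d} blocked to {proto}/{dport}")
```
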
