Description: KWallBuilder is a tool for adding iptable rules based on the responses of the user. It tries to insulate the user from the complexities of creating a linux firewall using the iptables mechanism.
The current version supports rules based on network layer protocol and ports. It supports TCP,UDP and ICMP protocols.
The application requires root privileges. One approach would be to add an entry in the /etc/sudoers file and run the application through sudo.
While KWallBuilder adds iptable rules, it does not guarantee that the added rules will be sufficient to completely protect the system, more details can be obtained from the application's home page.
Though the rpm provided is for SuSE, it can be used on any distribution. The rpm installs in /opt/kde3/ . The application and the icon can then be copied into the KDE directory for the distribution.
I see this project is dead... I have the source, but it doesn't work anymore on current linux... so if anyone wants it, just tell me where to put it... it would be great if this project continued in development. It helps people to understand how ipchains works.
I appreciate the feedback on the configuration dialog. I felt its need quite late in the development and implemented the neccessary functionality without concentrating any real effort into the aesthetics of the configuration dialog.
I did not use which since it searches through the PATH environment variable looking for the executable. I did not want to assume that iptables and modprobe will always be in path. Hence, I provided for the configuration of the paths.
Maybe I can use which first and if I do not find the executable then I can request the user to configure the path.
Thanx for the advice - it was really that libipq.h was in /usr/include/libipq/libipq.h so I copied it /usr/include/libipq.h and now it works! Now I just have to find out another problem :-) "Error setting mode for IPV4 interface"
The application requires root privileges to
1)Load the ip_queue module and
2)Invoke the iptable utility.
One approach would be to add the application in the file /etc/sudoers and
run it through sudo kwallbuilder.
Also, please check if the ip_queue module is available (it is usually available).
OK. Now the application is running, embeded in systray. The module ip_queue is loaded, but nothing happens :( I should probably configure the path to iptables or modprobe but where can I find it?
While KWallBuilder is initializing you should have been asked for the paths to iptables and modprobe.
Login as root and issue iptables -L if you see 3 input and 3 output rules with QUEUE that implies that iptables was found and since ip_queue was loaded it would imply that modprobe was found.
If the above is true, try ping yahoo.com.
Can you check for the .kwallbuilder.conf in the home directory ? If it is prsent please delete it and run KWallBuulder again, you should be asked for the paths.
Else, right click on the icon in the system tray and you should see a config option. Config and run KWallBuilder again.
Finally :-) thank you for help. Now it works correctly. I just didn't know that it asks me for path to binary file modprobe and iptables. (/sbin/*). I really like that application. I spent so many hours looking for such software and it didn't exist. Maybe if I could see which application has sent the packet, it would be easier to decide whether to allow or deny it. So, I wish you that the development goes well.
It's a great Idea!!! Finally someone brougt this idea to linux... but although ./configure is OK, I cannot compile it:
In file included from main.cpp:22:
kwallbuilder.h:40:20: error: libipq.h: No such file or directory
kwallbuilder.h:75: error: 'ipq_handle' has not been declared
kwallbuilder.h:91: error: ISO C++ forbids declaration of 'ipq_handle' with no type
kwallbuilder.h:91: error: expected ';' before '*' token
builderthread.h:52: error: ISO C++ forbids declaration of 'ipq_handle' with no type
builderthread.h:52: error: expected ';' before '*' token
make[2]: *** [main.o] Error 1
...
Whats broken?
(gcc 3.4, Gnu\Linux Etch (testing))
I installed iptables-dev but make fails again. libipq.h is located in /usr/include/libipq/libipq.h where can I find list of all dependencies? Maybe there's still something missing.
I think only one item can be hosted on the kde-apps site. I uploaded the rpm since it is more convenient to use (since it does not have a lot of dependencies).
I would have to create a file that combines the source archive and the binary rpm to upload both to kde-apps.
I am hosting the files myself on my own website and unfortunately my service provider does not allow incoming requests on port 80.
I can mail the tar.gz to you.
P.S. I cannot access port 9054 either from my work.
Ratings & Comments
25 Comments
I see this project is dead... I have the source, but it doesn't work anymore on current linux... so if anyone wants it, just tell me where to put it... it would be great if this project continued in development. It helps people to understand how ipchains works.
P. S. Broken link is "http://www.kde-apps.org/content/download.php?content=32926&id=2"
That's all subj. Link is broken and there is nothing to say more. (Maybe these are temporary problems?)
P. S. Broken link is "http://www.kde-apps.org/content/download.php?content=32926&id=2"
A SlackWare TGz package with SlackBuild Script is Ready to DownLoad!!! http://www.slacky.it/ http://www.slacky.it/index.php?option=com_remository&Itemid=1&func=fileinfo&filecatid=884&parent=category
Thanks a bunch.
avasaralak whi you didn't use "which" program or script to configure you configure gui useless and poor (sorry)
I appreciate the feedback on the configuration dialog. I felt its need quite late in the development and implemented the neccessary functionality without concentrating any real effort into the aesthetics of the configuration dialog. I did not use which since it searches through the PATH environment variable looking for the executable. I did not want to assume that iptables and modprobe will always be in path. Hence, I provided for the configuration of the paths. Maybe I can use which first and if I do not find the executable then I can request the user to configure the path.
ok that's right
Thanx for the advice - it was really that libipq.h was in /usr/include/libipq/libipq.h so I copied it /usr/include/libipq.h and now it works! Now I just have to find out another problem :-) "Error setting mode for IPV4 interface"
The application requires root privileges to 1)Load the ip_queue module and 2)Invoke the iptable utility. One approach would be to add the application in the file /etc/sudoers and run it through sudo kwallbuilder. Also, please check if the ip_queue module is available (it is usually available).
OK. Now the application is running, embeded in systray. The module ip_queue is loaded, but nothing happens :( I should probably configure the path to iptables or modprobe but where can I find it?
While KWallBuilder is initializing you should have been asked for the paths to iptables and modprobe. Login as root and issue iptables -L if you see 3 input and 3 output rules with QUEUE that implies that iptables was found and since ip_queue was loaded it would imply that modprobe was found. If the above is true, try ping yahoo.com. Can you check for the .kwallbuilder.conf in the home directory ? If it is prsent please delete it and run KWallBuulder again, you should be asked for the paths. Else, right click on the icon in the system tray and you should see a config option. Config and run KWallBuilder again.
Finally :-) thank you for help. Now it works correctly. I just didn't know that it asks me for path to binary file modprobe and iptables. (/sbin/*). I really like that application. I spent so many hours looking for such software and it didn't exist. Maybe if I could see which application has sent the packet, it would be easier to decide whether to allow or deny it. So, I wish you that the development goes well.
just type full path (with program names) to iptables and modprobe... /sbin/iptables /sbin/modprobe etc.
It's a great Idea!!! Finally someone brougt this idea to linux... but although ./configure is OK, I cannot compile it: In file included from main.cpp:22: kwallbuilder.h:40:20: error: libipq.h: No such file or directory kwallbuilder.h:75: error: 'ipq_handle' has not been declared kwallbuilder.h:91: error: ISO C++ forbids declaration of 'ipq_handle' with no type kwallbuilder.h:91: error: expected ';' before '*' token builderthread.h:52: error: ISO C++ forbids declaration of 'ipq_handle' with no type builderthread.h:52: error: expected ';' before '*' token make[2]: *** [main.o] Error 1 ... Whats broken? (gcc 3.4, Gnu\Linux Etch (testing))
The package iptables-devel is required for compiling the application. It provides the file libip.h.
I installed iptables-dev but make fails again. libipq.h is located in /usr/include/libipq/libipq.h where can I find list of all dependencies? Maybe there's still something missing.
It fails with the same problem like without iptables-dev.
Did you run configure after installing iptables-devel ? Also, you can either copy or link libipq into /usr/include or change include path in the code.
Can you post it another place that uses por 80 and not 9054, so the users that are behind a firewall are able to download it?
I uploaded the rpm to kde-apps.org. It should be available on port 80.
Nope, the "Source download" still points to www.avasarala.info .
I think only one item can be hosted on the kde-apps site. I uploaded the rpm since it is more convenient to use (since it does not have a lot of dependencies). I would have to create a file that combines the source archive and the binary rpm to upload both to kde-apps. I am hosting the files myself on my own website and unfortunately my service provider does not allow incoming requests on port 80. I can mail the tar.gz to you. P.S. I cannot access port 9054 either from my work.
I can't use the rpm as I don't use SuSE. I can host your source tarball if you want.