For desktop users who want additional privacy
A Linux Application Firewall (LAF) is a personal host-based firewall for everyday desktop Linux users. It lets users block or allow network access for individual programs.
For example, the calculator application should not be allowed access to the network. However, you might want to allow it access once to get the latest currency exchange rates.
The project’s primary outcome is the development and release of a usable application firewall for use by the community.
The figure above shows each application on the computer with its own set of access rules. We can see that App0, the media player, can access app.example.com, while Apps 2 and 3 are denied any network access.
Existing LAF implementations do not take full advantage of the Linux kernel. This results in a bad experience for end users, ultimately leaving the idea dead in the water.
Background chatter on the Internet shows there is interest in a desktop application firewall that can provide the average user with an additional layer of security.
Expert users, meanwhile, advocate the use of complex Mandatory Access Control (MAC) systems, such as SELinux and AppArmor, to provide the same level of protection. This work attempts to find a middle ground between the two.
Notice: LAF is currently in active development. If you want to be notified when a stable release is available, you can subscribe to the announce list.
Simply send an empty email to: ~uncharted-security/linux-application-firewall-announce+subscribe@lists.sr.ht
1 Jun 2020
We have published a 1-page abstract at TMA2020 as a lightning talk.
You can read the paper here, and you can watch the lightning talk below or over at Vimeo: https://vimeo.com/426302331.
2020-June-10 Update: This won the best lightning talk presentation.
All the fun is done using plain email. We have three mailing lists which you can engage with based on your interest. You don’t need to subscribe to a list if you don’t want to.
Help: if you are stuck or have some questions, post here!
Development: where we discuss the technical software issues; this is not for everyday users.
Discussion: both technical and non-technical talk regarding LAF.
Announce: a low-frequency list containing only announcements.
If you are looking for some coding challenges, have a look at our GitHub tickets, and if you’re new, check out the good first issue tag.
No subscription required to post. Please review our code of conduct before engaging with the community.
Check out the source code on GitHub.
The code is licensed under the permissive 3-Clause BSD License, while all documentation is covered by Attribution-ShareAlike 4.0 International (CC BY-SA 4.0).
There are no existing releases.
LAF is under heavy development and as such we are not supporting specific point releases. However, in the future, we shall work towards a release cycle, and plan to create packages for many distributions.
Header photo by Viktor Forgacs
Updated on 7 Sep 2023 (CC BY-SA 4.0)
An Uncharted Security project.