Linux Application Firewall

For desktop users who want additional privacy

The LAF Project

A Linux Application Firewall (LAF) is a personal, host-based firewall for everyday desktop Linux users. It lets users allow or block network access for individual programs.

For example, the calculator application should not normally be allowed to access the network, but you might want to allow it access once to fetch the latest currency exchange rates.

The project’s primary outcome is the development and release of a usable application firewall for the community.

Overview diagram showing only some applications allowed network access

The figure above shows each application on the computer with its own set of access rules: App0, the media player, can reach app.example.com, while Apps 2 and 3 are denied all network access.

Project Objectives

  1. To create an intuitive, simple-to-use application, designed for novice and non-expert desktop users.
  2. To use modern kernel features such as eBPF, namespaces, or cgroups to filter applications’ requests for network access. These features provide good performance without introducing additional reliability risks to the overall system.
  3. To support all major desktop distributions. This will give many users an additional layer of privacy and security without requiring them to understand complex systems such as SELinux or AppArmor.
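Objective 2 names cgroups as one mechanism for deciding, per process tree, whether a program's traffic may leave the host. The shell script below is an added example written for this page and is not LAF's own code: it places each confined program in its own cgroup v2 directory and uses the kernel's cgroup packet match in iptables (the xt_cgroup "-m cgroup --path" match, kernel 4.8 and iptables 1.6 or later) to accept or reject the packets its sockets send. The "laf" cgroup name, the LAF_OUT chain, the policy strings and the address 203.0.113.10 are this example's own choices; it assumes the unified cgroup v2 hierarchy is mounted at /sys/fs/cgroup (the systemd default) and that the apply and run steps are executed as root.

```shell
#!/usr/bin/env bash
# Added example, not LAF project code: per-application network policy built
# from one cgroup v2 directory per app plus the iptables cgroup match.
# Assumptions: cgroup v2 mounted at /sys/fs/cgroup, root for apply/run,
# "laf" cgroup name and "LAF_OUT" chain name chosen for this example.
set -eu

CGROUP_ROOT=${CGROUP_ROOT:-/sys/fs/cgroup}   # assumed v2 mount point
CHAIN=LAF_OUT                               # hypothetical chain name

# Print the iptables commands that implement one app's policy.
#   $1 app name   (becomes the cgroup directory laf/<app>)
#   $2 policy     "deny"           : no network at all
#                 "allow-dst:<ip>" : only packets to <ip>; everything else rejected
# The rules match on the cgroup of the sending socket, so the decision follows
# the process rather than a port number or an executable path.
laf_rules() {
  local app=$1 policy=$2 path="laf/$1"
  case $policy in
    deny)
      printf 'iptables -A %s -m cgroup --path %s -j REJECT --reject-with icmp-admin-prohibited\n' \
        "$CHAIN" "$path"
      ;;
    allow-dst:*)
      # ACCEPT for the permitted destination must come before the catch-all REJECT.
      printf 'iptables -A %s -m cgroup --path %s -d %s -j ACCEPT\n' \
        "$CHAIN" "$path" "${policy#allow-dst:}"
      printf 'iptables -A %s -m cgroup --path %s -j REJECT --reject-with icmp-admin-prohibited\n' \
        "$CHAIN" "$path"
      ;;
    *)
      printf 'unknown policy: %s\n' "$policy" >&2
      return 1
      ;;
  esac
}

# Create the chain once, hook it into OUTPUT, and load one app's rules (root).
laf_apply() {
  iptables -N "$CHAIN" 2>/dev/null || true
  iptables -C OUTPUT -j "$CHAIN" 2>/dev/null || iptables -I OUTPUT -j "$CHAIN"
  laf_rules "$1" "$2" | while IFS= read -r cmd; do eval "$cmd"; done
}

# Start a program inside its cgroup so the rules above apply to it.
# No controllers are enabled on laf/, so leaf cgroups may hold processes and
# the parent/child layout does not violate cgroup v2's no-internal-process rule.
laf_run() {
  local app=$1; shift
  local dir="$CGROUP_ROOT/laf/$app"
  mkdir -p "$dir"
  echo $$ > "$dir/cgroup.procs"   # move this shell; the exec'd program inherits it
  exec "$@"
}

# Usage (as root):
#   laf_apply calc deny                      # calculator: no network
#   laf_apply player allow-dst:203.0.113.10  # media player: one destination only
#   laf_run calc gnome-calculator
```

A one-off grant like the calculator example in the introduction is an ACCEPT rule inserted ahead of that app's REJECT and deleted again afterwards. Because matching is by cgroup membership rather than by executable path, a program that re-execs or is renamed stays confined as long as its processes remain in the cgroup, which is why the program is started from inside it. Two caveats a practitioner should keep in mind: -d with a hostname is resolved once, when the rule is inserted, so an app.example.com-style policy needs a name-to-address step that is kept in sync; and an app allowed to reach a single host still has to reach the DNS resolver (normally port 53) unless it is given the address directly.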

Motivation

Existing application-firewall implementations for Linux do not take full advantage of the kernel’s facilities. This results in a poor experience for end users and has, so far, left the idea dead in the water.

Background chatter on the Internet shows there is interest in a desktop application firewall that can give the average user an additional layer of security.

Expert users, meanwhile, advocate complex Mandatory Access Control (MAC) systems such as SELinux and AppArmor to provide the same level of protection. This work attempts to find a middle ground between the two.

Notice: LAF is currently in active development. If you want to be notified when a stable release is available, you can subscribe to the announce list.

Simply send an empty email to: ~uncharted-security/linux-application-firewall-announce+subscribe@lists.sr.ht

News

Accepted Technical Paper to TMA2020

1 Jun 2020 | Tags: news, paper

We have published a 1-page abstract at TMA2020 as a lightning talk.

You can read the paper here, and you can watch the lightning talk below or on Vimeo at https://vimeo.com/426302331.

Update, 10 Jun 2020: the talk won the best lightning talk presentation award.

In Other News

Want to get involved, got questions?

All the fun happens over plain email. We have three mailing lists you can engage with, depending on your interest, plus an announce-only list. You don’t need to subscribe to a list if you don’t want to.

Help: for anyone who is stuck or has questions. Post here!
Development: where we discuss technical software issues; this is not for everyday users.
Discussion: both technical and non-technical talk about LAF.
Announce: a low-frequency list carrying only announcements.

Software Development

If you are looking for some coding challenges, have a look at our GitHub tickets, and if you’re new, check out the good first issue tag.

Mailing Lists

No subscription required to post. Please review our code of conduct before engaging with the community.

Download

Check out the source code on GitHub.

The code is licensed under the permissive 3-Clause BSD License, while all documentation is covered by Attribution-ShareAlike 4.0 International (CC BY-SA 4.0).

Releases

There are no releases yet.

LAF is under heavy development, so we do not currently support specific point releases. In the future we will work towards a release cycle and plan to create packages for many distributions.


Header photo by Viktor Forgacs

Updated on 24 Sep 2020 (CC BY-SA 4.0)
An Uncharted Security project.