Created by
Luigi Genoni, venom@DarkStar.sns.it
Version 1.0.0
Welcome to knetfilter. This application manages netfilter rules. knetfilter gives you the option to close a port for the rest of your network or the internet. There is a list of the most commonly exploited ports later. There is probably some Qt and KDE guru out there who thinks this application sucks, or that the code is poor. I have to say that I am not a very good coder; the knetfilter code may be poor and/or bad, but it works (here anyway). As a model I took kfirewall, which was good for its own purpose, but I tried to make it possible to manage all the common things that everyone would like to do with their own firewall. I also added an interface to tcpdump and nmap, to make it possible to manage security issues seriously. The main aim of this application is to be useful, easy to understand and easy to develop.
This application has been designed to be used not only with a LAN, but also with ppp, slip and isdn connections, if someone would like to connect more than one computer to the internet through his modem. This is an inheritance from kfirewall that I am happy to keep.
When it becomes possible I will include the ability to save the port settings and to reload them. Right now I am waiting for the netfilter guys to implement this, as it was for ipchains.
All you have to do is enter your ethernet IP address and your netmask. You can find these options at the bottom left of the application.
Add rule will block the port you have specified in the port input. Delete rule will open the port you have specified, unless the port is not blocked. You can choose between tcp, udp, both tcp and udp, or icmp packets.
It is important to choose the chain you want to manipulate and the policy of the rule you are going to insert.
This is used to flush all the rules, to get a clean and fresh start.
Masquerading on means allowing all connections from your network to access the internet.
Lists all the current users who are on the internet, and lists all the destination addresses that they are visiting.
This is a brand new option, which will allow you to view all the current rules in ipchains. You can also see NAT settings.
This is an autoprobe for your eth device, and only the eth device. It will find your IP address and your netmask. If it doesn't get your IP address, then configure it manually. It made no sense to autoprobe other devices. Since I am supporting them, I intend knetfilter to be used for mission-critical Linux firewalls on the network, which in most cases means "lan". Anyway, network address aliases on an interface are not supported. Usually they are pointless, since aliases are expensive for the system to manage and should never be used on a firewall. If I am asked, I will see whether to include them.
This clears the rule list.
If you get an error message like "iptables died", then there is something wrong (hehe). Check whether iptables is in /usr/bin. If not, link iptables from its current location to /usr/bin. You can do this with the command: ln -s <where iptables is located>/iptables /usr/bin/iptables. The same is true for the ipnatctl command.
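The check described above, as an added shell example that is not part of knetfilter: it looks for iptables and ipnatctl in /usr/bin and, when one is missing there, prints the ln -s command for review instead of running it as root. The function names and the list of directories searched are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not knetfilter code. The function names and the default
# search directories are assumptions made for this illustration.

# suggest_link NAME [TARGET_DIR] [SEARCH_DIRS]
#   status 0: NAME is already executable in TARGET_DIR (prints nothing)
#   status 1: NAME found elsewhere; prints the ln -s command to review and run
#   status 2: NAME not found in any search directory
suggest_link() {
    name=$1
    target=${2:-/usr/bin}
    search=${3:-/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin:/bin}

    # Already where knetfilter looks for it: nothing to do.
    if [ -x "$target/$name" ]; then
        return 0
    fi

    # Walk the colon-separated list, restoring the caller's IFS afterwards.
    old_ifs=$IFS
    IFS=:
    for dir in $search; do
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            IFS=$old_ifs
            printf 'ln -s %s/%s %s/%s\n' "$dir" "$name" "$target" "$name"
            return 1
        fi
    done
    IFS=$old_ifs
    return 2
}

# Check both binaries the help text mentions and report what is missing.
check_knetfilter_deps() {
    for bin in iptables ipnatctl; do
        rc=0
        suggest_link "$bin" "$@" || rc=$?
        case $rc in
            0) echo "# $bin: ok" ;;
            2) echo "# $bin: not found, install it first" ;;
        esac
    done
}

check_knetfilter_deps
```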
I am going to include this, but my first priority is a full implementation of NAT capabilities.
Kim Andre Northeim, kim-nor@online.no
Original author of kfirewall, which I took as the model for my knetfilter.
Luigi Genoni 2000 venom@DarkStar.sns.it