Genwall v1.0.0 for the N900

Genwall is a simple iptables firewall for Maemo Fremantle. It generates shell scripts that are then executed. There is also an option to add or remove local ports at runtime.

Follow the Maemo Talk thread:

Genwall a simple iptables firewall

Have a look at the screenshots below to see what the application can do.

Activate logging

Netfilter is part of the kernel, and its LOG target writes through the kernel log, so a syslog daemon is needed: install sysklogd. After installation the configuration file is "/etc/syslog.conf". To keep the log from growing without bound and filling up the root filesystem, disable all other log destinations and send only kernel messages of level warning (the default level of the iptables LOG target) to "/home/user/.genwall":

kern.warning	-/home/user/.genwall/iptables.log

The leading "-" tells sysklogd not to sync the file after every line, which spares the flash; note that older sysklogd versions require the selector and the file name to be separated by a tab, not spaces. Rate-limit the LOG rules themselves ("-m limit") as well, so that a flood cannot fill the disk.

Requirements

The application itself can be downloaded from the extras-devel repository.

- the application must be started as root
- iptables, of course
- sudser (only if you want to start it from the desktop icon), or create a suitable file in "/etc/sudoers.d" yourself; this will be fixed in the next version
- rootsh for gainroot (only if you want to include gainroot in the generated script)
- sysklogd (only if you want to enable logging)

Screenshots

After starting, the application asks for the system root password.

[screenshot]

Here you set the basic rules. Normally all incoming traffic is blocked. You can allow all connections from the local LAN and from the local machine (loopback). Under "Local - Ports" you define ports or port ranges to be accepted.

All files genwall creates are in "/home/user/.genwall/".
"gen" button = generates firestart.sh
"start" button = runs the script
"stop" button = generates and runs firestop.sh script

[screenshot]

Here you can deny or accept ICMP packets coming from WAN, LAN or both. You can also have ICMP packets that match no rule logged by the firewall chain.

[screenshot]

Here you define ports or port ranges to be accepted from WAN or LAN. When the firewall script is generated, all listed ports are accepted.

[screenshot]

With "add now" you can open a port at runtime by inserting an INPUT filter rule.

[screenshot]

Here you can make the ssh port reachable from WAN from a single IP only.

[screenshot]

Overview of filter chains.

[screenshot]

With a right click (press and hold until the menu pops up) and "open" you get a listing of the INPUT chain. Double-clicking an entry removes that rule at runtime.
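The firestart.sh / firestop.sh pair that the "gen" and "stop" buttons produce, together with the runtime "add now" and remove commands, as an added example. This is not genwall's own code: the interface name wlan0, the LAN subnet, the port lists, the admin address and the file locations are assumptions. The functions only print the iptables commands, so the result can be inspected without touching the live ruleset.

```shell
#!/bin/sh
# Added example, not genwall's own code: a small generator that writes the kind of
# firestart.sh / firestop.sh pair the "gen" and "stop" buttons produce, plus the
# runtime "add now" / remove commands. Interface name, LAN subnet, the port lists,
# the admin address and the output directory are assumptions.
LAN_IF="${LAN_IF:-wlan0}"                    # assumption: N900 WLAN interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"         # assumption: local LAN
LOCAL_PORTS="${LOCAL_PORTS:-5000 8080:8090}" # "Local - Ports": single TCP ports or ranges
SSH_ADMIN_IP="${SSH_ADMIN_IP:-203.0.113.5}"  # the one WAN host allowed to reach ssh
GENWALL_DIR="${GENWALL_DIR:-/home/user/.genwall}"

# Print firestart.sh to stdout. Rule order matters: the host-specific ssh rule and
# the ICMP handling sit before the generic port list.
gen_firestart() {
  echo '#!/bin/sh'
  echo 'IPT=/usr/sbin/iptables'
  echo '$IPT -F INPUT'
  echo '$IPT -P INPUT DROP'                  # "normally all incoming gets blocked"
  echo '$IPT -P FORWARD DROP'
  echo '$IPT -P OUTPUT ACCEPT'
  echo '$IPT -A INPUT -i lo -j ACCEPT'       # local machine
  echo '$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
  echo "\$IPT -A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT"   # whole local LAN
  echo "\$IPT -A INPUT -p tcp -s $SSH_ADMIN_IP --dport 22 -j ACCEPT"
  # ICMP: echo-request from the LAN is accepted; whatever matches nothing is logged
  # (rate limited so a flood cannot fill the root filesystem) and then dropped
  echo "\$IPT -A INPUT -p icmp --icmp-type echo-request -i $LAN_IF -j ACCEPT"
  echo '$IPT -A INPUT -p icmp -m limit --limit 5/min -j LOG --log-level warning --log-prefix "genwall-icmp: "'
  echo '$IPT -A INPUT -p icmp -j DROP'
  for p in $LOCAL_PORTS; do
    echo "\$IPT -A INPUT -p tcp --dport $p -j ACCEPT"
  done
}

# Print firestop.sh. Policies go back to ACCEPT *before* the flush: flushing first
# with a DROP policy still in place cuts off every remote session.
gen_firestop() {
  echo '#!/bin/sh'
  echo 'IPT=/usr/sbin/iptables'
  echo '$IPT -P INPUT ACCEPT'
  echo '$IPT -P FORWARD ACCEPT'
  echo '$IPT -P OUTPUT ACCEPT'
  echo '$IPT -F'
  echo '$IPT -t nat -F'
}

# "add now": open one TCP port at runtime by inserting at the top of INPUT.
add_now() { echo "iptables -I INPUT 1 -p tcp --dport $1 -j ACCEPT"; }
# Remove a rule by its position, as shown by "iptables -L INPUT -n --line-numbers".
remove_rule() { echo "iptables -D INPUT $1"; }

# Write both scripts where genwall keeps its files (only when invoked with "write").
if [ "${1:-}" = "write" ]; then
  mkdir -p "$GENWALL_DIR"
  gen_firestart > "$GENWALL_DIR/firestart.sh"
  gen_firestop  > "$GENWALL_DIR/firestop.sh"
  chmod 700 "$GENWALL_DIR/firestart.sh" "$GENWALL_DIR/firestop.sh"
fi
```

Run it as `sh gen.sh write` to drop both scripts into /home/user/.genwall, then run firestart.sh as root. The two points worth keeping are the rule order (the single-host ssh accept before the generic port list, ICMP logged before it is dropped) and firestop's policy-before-flush order.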

[screenshot]

Overview list of open connections.

[screenshot]

The settings tab saves the state of the checkboxes and more. You can also enable the "bad flags" rules and gainroot for the generated script.

[screenshot]

Here you can enable forwarding to the local LAN; the packets are masqueraded for the LAN or for a subnet.

[screenshot]

Here you can set ports which are forwarded to a specific IP.

[screenshot]

Overview nat chains.
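The forwarding, masquerading and port-forward rules behind the two NAT tabs, as an added example that is not genwall's own code. It assumes the phone routes its WLAN LAN (wlan0) out over the cellular link (gprs0); the subnet and the forwarded hosts are constructed values. As above, the function only prints the commands.

```shell
#!/bin/sh
# Added example, not genwall's own code: forwarding/masquerade and port-forward
# rules for the NAT tabs. Interface names, subnet and forwarded hosts are assumptions.
WAN_IF="${WAN_IF:-gprs0}"                # assumption: cellular uplink
LAN_IF="${LAN_IF:-wlan0}"                # assumption: WLAN facing the LAN
LAN_NET="${LAN_NET:-192.168.1.0/24}"
# "port forward" entries as WANPORT:LANHOST:LANPORT (constructed sample)
FORWARDS="${FORWARDS:-8080:192.168.1.10:80 2222:192.168.1.11:22}"

# Print the forwarding rules to stdout.
gen_nat() {
  echo 'IPT=/usr/sbin/iptables'
  echo 'echo 1 > /proc/sys/net/ipv4/ip_forward'   # nothing is forwarded without this
  echo '$IPT -t nat -F'
  echo '$IPT -F FORWARD'
  echo '$IPT -P FORWARD DROP'
  # LAN -> WAN goes out behind the phone's own address; replies return by state
  echo "\$IPT -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE"
  echo "\$IPT -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
  echo "\$IPT -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
  for f in $FORWARDS; do
    wport=${f%%:*}; rest=${f#*:}; host=${rest%%:*}; lport=${rest#*:}
    # DNAT only rewrites the destination; with the FORWARD policy at DROP the
    # matching FORWARD accept is what actually lets the connection through
    echo "\$IPT -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $wport -j DNAT --to-destination $host:$lport"
    echo "\$IPT -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $host --dport $lport -m state --state NEW -j ACCEPT"
  done
}
```

The pairing of each PREROUTING DNAT with a FORWARD accept is the part that is easy to miss: a port forward that only has the nat entry shows up in the nat chain overview but never delivers a packet once FORWARD defaults to DROP.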

[screenshot]

Here you can block outgoing traffic and add exceptions. You can also enable logging for the blocked connections. If this is not configured correctly (a missing DNS exception is the usual cause), web applications stop working.
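An OUTPUT chain for the "block outgoing" tab with the exceptions a working phone needs, as an added example that is not genwall's own code; the allowed port list and the log prefix are assumptions. Again only the commands are printed.

```shell
#!/bin/sh
# Added example, not genwall's own code: OUTPUT-chain rules for the "block outgoing"
# tab. The exception list and the log prefix are assumptions.
OUT_TCP_PORTS="${OUT_TCP_PORTS:-80 443 22}"   # assumption: web and ssh allowed out
LOG_PREFIX="${LOG_PREFIX:-genwall-out: }"

# Print the OUTPUT rules to stdout. Exceptions are added first and the DROP policy
# set last, so there is no window in which the phone has no way out at all.
gen_output_block() {
  echo 'IPT=/usr/sbin/iptables'
  echo '$IPT -P OUTPUT ACCEPT'
  echo '$IPT -F OUTPUT'
  echo '$IPT -A OUTPUT -o lo -j ACCEPT'
  echo '$IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
  # DNS is the exception people forget: without it every name lookup stalls and the
  # browser and other web applications stop working even though port 80 is open
  echo '$IPT -A OUTPUT -p udp --dport 53 -j ACCEPT'
  echo '$IPT -A OUTPUT -p tcp --dport 53 -j ACCEPT'
  for p in $OUT_TCP_PORTS; do
    echo "\$IPT -A OUTPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
  done
  # everything else: log it (rate limited; level warning matches the kern.warning
  # selector in syslog.conf) and let the policy drop it
  echo "\$IPT -A OUTPUT -m limit --limit 10/min -j LOG --log-level warning --log-prefix \"$LOG_PREFIX\""
  echo '$IPT -P OUTPUT DROP'
}
```

The LOG rule sits last in the chain, so only traffic that no exception matched is written to the log; that is exactly the list you want when deciding which exception is still missing.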

[screenshot]

Here you can define extra rules.

[screenshot]

Here you can enable logging for the predefined chains, start and stop sysklogd, and set the filter for the log view. The delete button is only active while sysklogd is not running; it deletes the log file. The load button loads the log file into the log view.

[screenshot]

Filter option for the log view tab.

[screenshot]

Log view tab. With a right click and "open" you can create rules for blocked events or refresh the log view.

[screenshot]

Right click and "open" opens a list with the log view content. Double-clicking an entry pops up the rule creator.

[screenshot]

Extra rule creator. It creates a rule in the extra rules list widget. "Accept now" inserts the rule as the first entry of the INPUT chain at runtime. When the "current ip" checkbox is enabled, the rule is created only for the IP taken from the log file.
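What the rule creator has to do with a log line, as an added example that is not genwall's own code: parse the netfilter fields (SRC, PROTO, DPT or ICMP TYPE) out of a line as sysklogd writes it to iptables.log and build the "accept now" command, with or without the "current ip" restriction. The log lines below are constructed samples and the "genwall" log prefixes are assumptions; a small hits-per-source summary in the spirit of the log view filter is included as well.

```shell
#!/bin/sh
# Added example, not genwall's own code: turn a netfilter LOG line into the
# "accept now" rule the rule creator would insert. Sample lines are constructed;
# the log prefixes are assumptions.
LOG_SSH='Jan  5 12:34:56 Nokia-N900 kernel: genwall: IN=wlan0 OUT= MAC=00:1d:6e:aa:bb:cc:00:11:22:33:44:55:08:00 SRC=203.0.113.77 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0'
LOG_PING='Jan  5 12:35:01 Nokia-N900 kernel: genwall-icmp: IN=wlan0 OUT= MAC=00:1d:6e:aa:bb:cc:00:11:22:33:44:55:08:00 SRC=198.51.100.9 DST=192.168.1.2 LEN=84 TOS=0x00 PREC=0x00 TTL=48 ID=4711 PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1'

# rule_from_log LINE [current_ip]
# Prints an iptables command that accepts the logged traffic, inserted as the first
# INPUT entry. With a second argument of "1" (the "current ip" checkbox) the rule is
# restricted to the source address found in the line; otherwise it is port-only.
rule_from_log() {
  line=$1; current_ip=${2:-0}
  src=$(printf '%s\n' "$line" | sed -n 's/.* SRC=\([0-9.]*\).*/\1/p')
  proto=$(printf '%s\n' "$line" | sed -n 's/.* PROTO=\([A-Za-z0-9]*\).*/\1/p' | tr 'A-Z' 'a-z')
  dpt=$(printf '%s\n' "$line" | sed -n 's/.* DPT=\([0-9]*\).*/\1/p')
  itype=$(printf '%s\n' "$line" | sed -n 's/.* TYPE=\([0-9]*\).*/\1/p')
  if [ -z "$src" ] || [ -z "$proto" ]; then
    echo "rule_from_log: no SRC/PROTO field in line" >&2
    return 1
  fi
  rule="iptables -I INPUT 1 -p $proto"
  [ "$current_ip" = 1 ] && rule="$rule -s $src"
  case $proto in
    tcp|udp) [ -n "$dpt" ] && rule="$rule --dport $dpt" ;;   # port-only for TCP/UDP
    icmp)    [ -n "$itype" ] && rule="$rule --icmp-type $itype" ;;
  esac
  echo "$rule -j ACCEPT"
}

# Summarise a log the way a log view filter might: reads lines on stdin and prints
# "count source" for each SRC, most frequent first.
hits_per_source() {
  sed -n 's/.* SRC=\([0-9.]*\).*/\1/p' | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}
```

Without the "current ip" restriction the generated rule opens the port to the whole WAN, which is rarely what a single log entry justifies; the source-bound form is the safer default when turning a log line into an exception.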

[screenshot]

Here you can change the gateway, the default route or the DNS server in resolv.conf.

[screenshot]

Shows IP information for all devices.

[screenshot]

Routing table information.

[screenshot]

Have fun, all the best.