Linux Application Firewall

Peter Maynard

United Kingdom
https://unchartedsecurity.com/
Small and Medium Enterprise

A Linux Application Firewall (LAF) is a personal host-based firewall for everyday desktop Linux users. It will let users block or allow network access for specific programs.

For example, the calculator application should not be allowed access to the network. However, you might want to allow it access once to get the latest currency exchange rates.

The project’s primary outcome is the development and release of a usable application firewall for use by the community.

Project Objectives

  1. To create an intuitive, simple-to-use application, designed for novice/non-expert desktop users.
  2. To use modern kernel features such as eBPF, namespaces, or cgroups to filter applications’ requests for network access. These features will provide good performance without introducing additional reliability risks to the overall system.
  3. To support all major desktop distributions. This will provide many users with an additional layer of privacy and security without having to understand complex systems such as SELinux or AppArmor.

Motivation

Existing LAF implementations do not take full advantage of the Linux kernel. This results in a bad experience for end-users, ultimately leaving the idea dead in the water.

Background chatter on the Internet shows there is interest in a desktop application firewall that can provide the average user with an additional layer of security.

Expert users advocate the use of complex Mandatory Access Control (MAC) systems, such as SELinux and AppArmor, to provide the same level of protection. This work attempts to find a middle ground between the two.

Subtitle: For desktop users who want additional privacy.