doug-leith / appFirewall

AppFirewall

A free, fully open-source application firewall for macOS 10.13 High Sierra and later. Allows real-time monitoring of network connections being made by applications, and blocking/allowing of these per app by user. Supports use of hostname lists (Energized Blu etc) to block known tracker and advertising domains for all apps. Also allows blocking of all network connections for specified apps, blocking of all connections except for specified whitelisted connections, use of pre-configured lists of connections per app to allow/block etc. Allows blocking of Google QUIC traffic. Can encrypt your DNS traffic using DNS-over-HTTPS.

The app is part of a research project in the School of Computer Science and Statistics at Trinity College Dublin, Ireland. By collecting data on the connections made by applications the study aims to highlight potential privacy issues (e.g. undocumented connections to known trackers/analytics), improve user security (data on baseline app behaviour can potentially be used to detect anomalous behaviour due to malware) and to improve our understanding of the app ecosystem. See information for participants.

Getting Started

  • Download the .dmg and open it.
  • Drag the appFirewall icon into your Applications folder and click on it to start; there's nothing more to it.

How It Works

The firewall sniffs packets to detect TCP network connections.

  • On spotting a new connection it tries to find the app which is the source of the connection (you can try this yourself using the command "lsof -i | grep -i tcp").
  • It also tries to resolve the raw IP address from the connection to a domain name, e.g. www.google-analytics.com, by sniffing DNS response packets.
  • Once it has an (app name, domain name) pair it compares this against the white and black lists to decide whether to block it or not.
  • If it is to be blocked then the firewall sends TCP RST packets to the connection to force it to close.
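
The DNS-sniffing step above, as an added sketch in C (not appFirewall's own code): it extracts the queried hostname and the first IPv4 address from a captured DNS response so that a later connection to that address can be labelled with the name. The packet bytes are constructed from the telemetry.dropbox.com entry in the sample upload shown under Privacy; the names read_name and dns_first_a are hypothetical, and only single-question responses carrying an A record are handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: DNS response, telemetry.dropbox.com A 162.125.19.130. */
static const uint8_t SAMPLE[] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,             /* header: QR=1, 1 Q, 1 A */
    9,'t','e','l','e','m','e','t','r','y', 7,'d','r','o','p','b','o','x', 3,'c','o','m', 0, 0,1, 0,1,
    0xC0,0x0C, 0,1, 0,1, 0,0,0,60, 0,4, 162,125,19,130 }; /* answer: pointer to QNAME */
/* Decode a possibly compressed name at off; returns offset after it, -1 if malformed. */
static int read_name(const uint8_t *p, int len, int off, char *out, int outlen) {
    int end = -1, hops = 0, o = 0;
    while (off < len) {
        uint8_t c = p[off];
        if ((c & 0xC0) == 0xC0) {                         /* compression pointer */
            if (off + 1 >= len || ++hops > 16) return -1; /* bound pointer loops */
            if (end < 0) end = off + 2;                   /* resume after first pointer */
            off = ((c & 0x3F) << 8) | p[off + 1];
            continue;
        }
        if (c == 0) { out[o ? o - 1 : 0] = '\0'; return end < 0 ? off + 1 : end; }
        if (c > 63 || off + 1 + c > len || o + c + 1 >= outlen) return -1;
        memcpy(out + o, p + off + 1, c);
        o += c; out[o++] = '.'; off += 1 + c;
    }
    return -1;
}
/* Queried host -> name, first A record -> ip. Returns 1 on success, 0 otherwise. */
int dns_first_a(const uint8_t *p, int len, char *name, int nlen, char *ip, int iplen) {
    char tmp[256];
    if (len < 12 || !(p[2] & 0x80) || ((p[4] << 8) | p[5]) != 1) return 0;
    int an = (p[6] << 8) | p[7], off = read_name(p, len, 12, name, nlen);
    if (off < 0 || (off += 4) > len) return 0;            /* skip QTYPE, QCLASS */
    while (an-- > 0) {
        if ((off = read_name(p, len, off, tmp, sizeof tmp)) < 0 || off + 10 > len) return 0;
        int type = (p[off] << 8) | p[off + 1], rdlen = (p[off + 8] << 8) | p[off + 9];
        if ((off += 10) + rdlen > len) return 0;          /* RDATA must fit in packet */
        if (type == 1 && rdlen == 4)                      /* A record */
            return snprintf(ip, iplen, "%u.%u.%u.%u", p[off], p[off+1], p[off+2], p[off+3]) > 0;
        off += rdlen;                                     /* skip CNAME etc. */
    }
    return 0;
}

int main(void) {
    char name[256], ip[16];
    if (dns_first_a(SAMPLE, sizeof SAMPLE, name, sizeof name, ip, sizeof ip))
        printf("%s -> %s\n", ip, name);
}
```

Because the packets come straight off the wire, every length and compression pointer is bounds-checked before use; a monitor that parses untrusted DNS traffic as root should reject malformed input rather than trust it.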

The firewall needs root permissions to sniff packets and send TCP RST packets so it installs a privileged helper to carry out these actions (you're asked to give a password to allow this helper to be installed when the firewall is first started).

One nice thing about this approach is that the firewall does not lie in the direct path of network packets, i.e. network packets do not have to flow via the firewall. That means if the firewall is stopped abruptly or is misconfigured then no real damage is done: network connectivity will be maintained. Another is that it keeps things lightweight and non-invasive -- to install/uninstall just copy/delete the firewall app from your Applications folder, there's nothing more to it.

The main downside of the approach is that a small number of packets can occasionally "leak" on a connection before it is shut down, especially when apps make multiple rapid connection attempts in a row (e.g. in response to being blocked). This doesn't seem like too big a deal though, since it's "privacy" (severely throttling tracking etc) that we're aiming for rather than strict "security". See Known Issues for more information.

Privacy

No personal data is shared by this app.

If you refresh the hostname files (with lists of blacklisted domains) then the web site that hosts the file may log the request (and so your IP address etc). Refresh of hostname files is manual only, i.e. only when you press the "Refresh Lists" button on the app preferences page, so you have complete control over this.

If the app crashes (hopefully not!) then it will send a short backtrace to http://leith.ie to help with debugging. There is no personal information in this backtrace; an example of one is the following:

0   appFirewall                         0x000000010dc3ae1e appFirewall   73246
1   libsystem_platform.dylib            0x00007fff769b5b5d _sigtramp   29
2   ???                                 0x000000011d3f8b76 0x0   4785671030
3   libsystem_c.dylib                   0x00007fff76822d8a raise   26
4   appFirewall                         0x000000010dc4fab5 appFirewall   158389
5   appFirewall                         0x000000010dc5001b appFirewall   159771

It's a list of entry points in the app so that I can see where it crashed, nothing more. There is no identifier linking this backtrace to the particular instance of the app that you are running and the upload server does not log IP address or other connection details.

The firewall also periodically uploads a sample of the connections made by a randomly selected app. This is so we can try to learn more about app behaviour in the wild, and use this to develop better approaches for disrupting tracking etc. We exclude browser apps from this sampling since the connections made by a browser are potentially sensitive (it may reveal some information about browsing history). If you think other apps should also be excluded then post a ticket on the app's github repository or send me an email. An example of such a sample is the following:

Dec 03 21:36:13 2019	Dropbox	192.168.1.27:64379 -> 162.125.19.131 (bolt.dropbox.com):443	
Dec 03 21:36:23 2019	Dropbox	192.168.1.27:64380 -> 162.125.19.130 (telemetry.dropbox.com):443
Dec 03 21:37:16 2019	Dropbox	192.168.1.27:64381 -> 162.125.64.7 (api.dropboxapi.com):443
Dec 03 21:38:38 2019	Dropbox	192.168.1.27:64389 -> 162.125.19.131 (bolt.dropbox.com):443	
Dec 03 21:40:21 2019	Dropbox	192.168.1.27:64393 -> 162.125.36.1 (d.dropbox.com):443	

The app stores a time-stamped copy of any such samples in the ~/Library/Application Support/appFirewall/samples folder so you can see exactly what has been uploaded. There is no identifier linking a sample to your copy of the app and the upload server does not log IP address or other connection details.

By default the app checks GitHub monthly for updates, and automatically downloads and installs them. You can disable this via the app Preferences window and check for updates manually using the "Check for updates" menu option. GitHub logs traffic to the repository and displays counts of downloads etc which are publicly visible (feel free to check them here, GitHub's privacy policy is here).

App store

The firewall isn't on the app store because the sandbox that app store apps must use blocks access to the proc_listpids() and proc_pidfdinfo() syscalls used to monitor running processes. I've put in a request to Apple to enable this access, we'll see how they respond. The app sandbox also blocks sniffing of network packets and sending of TCP RST packets, although app Network Extensions may provide a workaround to this in Catalina and later.

Source code

See github

Contributing

New ideas and help with development are always welcome! The way to propose code changes is to fork your own branch from the repository here, then send me an email with proposed changes and a link to the branch. To report bugs or make feature requests please use the GitHub issue tracking system (see tabs at top of this page).

Authors

Doug Leith

License

BSD 3 License
