Installing and creating Autopackages in a chroot

This may be a little off-topic for this weblog, but since I spent quite some time researching this, I’ve decided to write about it anyway. When preparing a new release for Vuurmuur, I wanted to create an Autopackage as well. For those that are unaware of it, Autopackage is a distribution-independent installer for Linux binaries. Because creating packages for every distro including flavor and versions is way out of my reach, a general installer can save the day. ...

May 31, 2007 · 2 min · inliniac

Vuurmuur NFQUEUE support

Vuurmuur supported the QUEUE target for a while already, even though it needed a little bit of a hack to handle the state. This is because the iptables ruleset Vuurmuur creates is quite simple: after a few general protection rules it starts by accepting traffic with the state established. Since there is no way to say ‘queue established traffic that was queued before’ in iptables, I decided to use traffic marking to distinguish between traffic to be queued or accepted. But there was a problem with this approach. I didn’t want to cripple the marking of traffic for other purposes, such as traffic shaping and routing, so I decided to use mark-ranges to either queue or accept: ...

May 22, 2007 · 2 min · inliniac

Vuurmuur SVN now open

For version control for Vuurmuur development I have been using Bazaar and Bazaar-NG. I’ve never really gotten used to Bazaar-NG. I admit that this is mostly due to lack of trying. For the Snort_inline project I have gotten used to Subversion, for which I even bought a book (Practical Subversion by Garrett Rooney, great book!). So recently I decided to move Vuurmuur also to SVN, for these three reasons: this way I need to work with only one tool; people in the OSS community are more used to SVN, so it’s easier for users and people interested in contributing; Bazaar-NG doesn’t support SVN-style tags, except (I think) for the latest version, which is not in my distro. So the SVN repository is now open. It is hosted at SourceForge at: ...

May 14, 2007 · 1 min · inliniac

Experimenting with IPv6

My ISP is one of the few here in the Netherlands that provides an IPv6 tunnel broker. I have played with it some during the last year or so, but now decided to get a little more serious with it. So I’ve decided to enable it for my blog. When opening up my site to IPv6 one thing that is important is security. I will describe the status of IPv6 support of my current setup: ...

March 13, 2007 · 2 min · inliniac

Vuurmuur developments

This is my first blog post in 2007, so let me start by wishing everyone a good and healthy new year. In the new year I finally released a new version of Vuurmuur. It was the longest period between two releases, the last one was in April 06. The last year has been pretty hectic, with my graduation, looking for work, and now working… Also I’ve been stepping up work on Snort_inline and Modsec2sguil, which all took away coding time from Vuurmuur. ...

January 12, 2007 · 2 min · inliniac

Vuurmuur: extending the connection options to the logviewer

In Vuurmuur 0.5.72 alpha 1, I introduced a connection management interface to the connection viewer, allowing the administrator to kill connections and add IP addresses to the blocklist. Next, I’m working on doing about the same for the logviewer. The idea is to have a menu with options for each individual logline. I can think of a large number of interesting options, but I think the best would be an option like ‘create a rule based on this logline’. This would then open a prefilled rule window based on the values in the log. This option would make it very easy to get going with a new Vuurmuur setup. ...

October 1, 2006 · 1 min · inliniac

Vuurmuur: connection killing getting shape

The main new feature of the 0.5.72 release of Vuurmuur will be the ability to kill existing connections from vuurmuur_conf. It will use the conntrack tool for this. Below is a screenshot of how it works. Currently it works only for TCP connections and UDP pseudo connections. From the connection manager, IP addresses can also be added to the blocklist. All existing connections for this IP will be killed on that action. I have yet to extend this to hosts blocked manually. ...

September 2, 2006 · 1 min · inliniac

Vuurmuur: first baby steps in traffic shaping

Quite a while ago I placed a poll on the Vuurmuur Wiki, asking for the most important feature Vuurmuur needs. It turns out most people want traffic shaping. Traffic shaping has been on my todo list for a long time, but I never really got into using it, let alone understand it enough to integrate it into a GUI. So the last couple of days I had some spare time, and I have been checking it out. So far I am distinguishing the following types of traffic shaping. ...

August 16, 2006 · 4 min · inliniac

Vuurmuur: a new audit: passed

Last week a user of Vuurmuur let me know he had another security audit at his work, and Vuurmuur passed without any remarks whatsoever. The auditors even said that this was quite unusual. The user is working in a Dutch company involved in stock trading, and they are forced to have the same level of security as their parent company, which is a bank. After the last time they had an audit, I added the auditlog feature to Vuurmuur, and it seems that has pleased them because unlike last time, they didn’t even complain about Vuurmuur’s beta status ;-) ...

August 10, 2006 · 1 min · inliniac