I am currently planning my final year project at university and I'd like some opinions on my initial idea. I do have to stress that this idea is extremely primitive and I have barely begun, what I'd really like is to have some comments from you guys that I can use to decide whether to proceed.

I'm looking to create an interactive firewall, the exact nature of the firewall is yet to be determined but my main aim is to create a user friendly application that can help new users to Linux configure network access with maximum ease. By interactive I mean a firewall that is restrictive by default, allowing only those applications and services network access through interactively granting permissions.

What I'd really like at this initial stage is some opinions, on whether Linux actually needs another firewall, and some features that you'd like to see. I'd also like some advice on what is currently available, what firewall you use, and the things you like/dislike about it.

I'd really like people to be honest in there opinion, I'm not tied down to this application and I have pleanty of time, if the idea isn't required amongst Linux users then there is little point in proceeding.

I've asked a lot of questions here so comments on any would be great.

Thanks.

I'm looking to create an interactive firewall, (..) create a user friendly application (..) configure network access with maximum ease.
Linux (the kernel) has one filtering framework called Netfilter. Together with userland tools like ipfwadm, ipchains and iptables to manage rulesets this is what encompasses "the Linux firewall". Anything on top of that (that is: dependant on) should be called middleware or frontend but not a firewall.


a firewall that is restrictive by default, allowing only those applications and services network access through interactively granting permissions.
Might find some hooks or examples wrt network blocking in Niels Provos' Systrace, GRSecurity, iptables (POM) modules.


I'd also like some advice on what is currently available
Search Sourceforge and Freshmeat and you've got eighty percent of what's around I'd say.

Some linux firewalls are restrictive by default at least from the
external zone. I use Suse 10 and it can also be configured to
deny everything from the internal zone except for manually
configured exceptions. As far as the external zone is concerned
you can add things like the Samba server into the firewall but it
still doesn't work even if you are only trying to network to
other Suse machines (I expect this is a bug).
A really safe fire wall would deny all requests from the local
zone, all requests from the external zone and all requests from
the DMZ zone. I don't think its a question of a new firewall,
more a question of the defaults to be applied to existing
firewalls and the right tools to allow easy configuration of
firewalls (and documents that explain what the configurations
options are and what they mean).

What would be nice is a capability like that provided by Zone Alarm in Windows; monitoring outgoing connections and by default not allowing them unless previously approved.

Granting that viruses and trojans haven't been a big problem in Linux, having such monitoring capability would add a layer of protection that would be nice.