I wrote this email to the guarddog developer but thought it could be helpful to some on the list... My email follows:


Dear Simon,

Thank you for all your hard work on Guarddog.  It is an easy to configure firewall utility.  I ran across a unique situation and possible Guarddog bug today that I thought you'd like to know about.  I also have a couple of feature requests if you're so inclined... =)

I ran guarddog and got my firewall all configured.  I was then connected to the Internet and had my KDE panel crash.  By the way, I am running Mandrake Linux Cooker with Kernel 2.4.16-11.  I had an app crash (gFTP) and was attempting to kill it.  Just when I thought XKill was not coming up and clicked on it again in the panel, it came up at that exact moment and killed my panel.  So, I of course had to restart X.  When I came back in and connected to the net, I couldn't open web pages or download mail (or FTP or....), in short, I couldn't access the net, though I was connected properly.

I tried EVERYTHING I could think of, short of reinstalling Linux (which would have worked but I would never have known what caused my problem in the first place, besides, reinstalls I try to leave to the Windoze crowd..).  I uninstalled ppp and reinstalled it.  I made sure that no more than 1 instance of KPPP was running so there were no port conflicts etc.  Then I hit on the idea that maybe my firewall was screwing things up (since my browser did not seem to even attempt to connect to the server).  So, I uninstalled guarddog and rebooted, to no avail.  Then I recalled that guarddog is really just a frontend to ipchains/tables. So, I thought maybe the guarddog config file got screwed up somehow.  I reinstalled guarddog, reconfigured it and voila, it worked again and I had full net access.  I thought this might be helpful to anyone wondering why their network connection seemed to be dead, if they run guarddog.

So, I wrote to tell you of this situation and to suggest a few mods. Maybe guarddog can be changed so that if its configuration (i.e. a prohibited protocol) somehow prevents net access, a dialog box could pop up letting the user know why access was denied.  This would have been helpful in my situation as then I would have known exactly why I was denied access.  Guarddog could also be changed to be application, not just protocol specific. This way, if an application was denied access to a network, then the user could override it manually for that application only.  This could be set up so that the app would have access on an ongoing basis or just for the instance the permission was granted for. This type of a setup would be great for newer users who may know whether or not they want a specific application to have network access but may or may not know the protocol it uses. Also, many users might not understand that a good firewall such as guarddog, not only prevents inbound traffic on certain protocols but also outbound/user traffic as well.

I know watchdog is more along the lines of a realtime firewall but some of these small changes to guarddog would be great, if it's possible. Maybe a small system tray utility could run in the background after the initial guarddog configuration showing current firewall status, port probes etc.  This would go a long way to assisting users in knowing how their firewall was functioning and just what exactly it was protecting them from.  I (like many Linux users) came from a Windows background and used to run ZoneAlarm, which seemed to be a good (and easily configurable/intuitive) firewall and from which a lot of these concepts I've discussed come from.  One feature guarddog has that I really like over ZoneAlarm is the ability to prohibit access on a protocol, not just applicational basis.

Just some thoughts....and thanks again for your efforts, they are appreciated.  Would love to hear your thoughts on the idea.

Kindest Regards,

Jason Greenwood
