
Halftux 2012-07-11 22:06

[Announce] genwall a simple iptables firewall
 
Genwall for N900

Hi all,

This application was born out of boredom due to the loss of DSL connection.
I used the N900 as my router; the poor bandwidth forced me to do local stuff on my computer like programming.

In 2012 the version 1.0.0 took part in the coding competition. http://wiki.maemo.org/Maemo.org_Coding_Competition_2012

Genwall started in principle as an iptables firewall script generator. These days it can do a bit more.
It is very useful if you want to route or forward to another network.

The generated firewall script is based on this example:
http://www.debuntu.org/iptables-how-...et-connection/
The same chains are defined, but with genwall you can choose logging or not.

- creating connections with Wlan-ad-hoc, USB, BT
- you can activate forwarding from internet from and to any device
- set your firewall script, open ports, forwarding ports
- gives network and iptables information
- you can modify start scripts or the firewall script by yourself with an editor
- it can read syslog file


requirements:
- you need to start application as root
- sysklogd (only if you want to enable logging)


All files genwall creates are in "/home/user/.genwall/".
[local->basics]
"gen" button = generates firestart.sh
"start" button = runs the script
"stop" button = generates and runs firestop.sh script

First steps would be:
Choose your "WAN-device" (local->basics) and your "LAN-device" (for/out->forward)
and generate your script. After this you can start it to set the firewall up.

Solid scripts you will find in /opt/genwall/
These scripts are based on forum members and applications;
maybe you want to add something

bt_on.sh (route->BT: start button)
bt_off.sh (route->BT: stop button)
hotspot.sh (route->Wifi: adhoc button)
hotspot_off.sh (route->Wifi: adhoc button)
wifi.sh (route->Wifi: wifi start/stop button)
ssh-status.sh (local->SSH: start/stop button)
usb_on.sh (route->USB: start button)
usb_off.sh (route->USB: stop button)
usbmodule.sh (route->USB: module 3x button)

Install help

extract genwall_help_vx.x.tar.gz to /home/user/.genwall/


Install and configure sysklogd for use with genwall

Make persistent bootfile

Domain filter and iptable blacklist

Download an Ad-domain list

Linux Bluetooth PAN connection and internet sharing

Windows Bluetooth PAN connection and internet sharing


For more screenshots and little description go to:

http://www.setius.net/n900_genwall.html

Have fun generating your rules. Comments are welcome.


Old requirements:
- you need to start application as root
- iptables of course
- sudser (only if you want to start with desktop icon) no more needed since v1.0.1
- rootsh for gainroot no more needed since version 1.0.4
- sysklogd (only if you want to enable logging)

Old Deb file v0.0.2 by sifo:)

For N900 the application is in extras-devel now.
For N9(50) the application is in a very experimental stage.
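
Added example, not part of the original post and not genwall's own code or output: a sketch of a generator in the spirit of the "gen" button described above, emitting a NAT/forwarding script for a chosen WAN and LAN device with open ports and optional logging. The function names, the rule layout and the `gprs0`/`usb0` sample device names are assumptions; the inputs are validated because the generated script is meant to run as root.

```shell
#!/bin/sh
# Added example: NOT genwall's real generator or its output (assumed layout).
# gen_firestart WAN LAN LOG(0|1) [tcp-port ...] prints a firewall script.
# Every value is validated first: the generated script is executed as root,
# so an unchecked device name or port would be a shell-injection path.

valid_if() {      # interface name: safe characters only, max 15 chars
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}
valid_port() {    # decimal TCP port in 1..65535
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

gen_firestart() {
    wan=$1 lan=$2 log=$3
    shift 3
    valid_if "$wan" && valid_if "$lan" || { echo "bad interface" >&2; return 1; }
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    cat <<EOF
#!/bin/sh
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    for p in "$@"; do   # ports opened on the WAN side
        echo "iptables -A INPUT -i $wan -p tcp --dport $p -j ACCEPT"
    done
    cat <<EOF
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
    if [ "$log" = 1 ]; then   # log whatever is about to hit the DROP policy
        echo "iptables -A INPUT -j LOG --log-prefix 'fw-drop: '"
        echo "iptables -A FORWARD -j LOG --log-prefix 'fw-drop: '"
    fi
}
```

Calling `gen_firestart gprs0 usb0 1 22 > firestart.sh` writes a script for review before it is run; the LOG lines only produce readable output when a syslog daemon such as sysklogd is installed.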

misterc 2012-07-11 22:22

Re: [Announce] genwall a simple iptables firewall
 
Quote:

Originally Posted by Halftux (Post 1236304)
Hi folks,

one week without internet at home and I started to write an iptables generator with simple firewall functions. [...]

unbelievable how much time you find yourself with without I-Net, huh ;) :p :D

thanks!

going to install it on test dev & let you know how it works; usually only use
Code:

tcpsvd -vE 0.0.0.0 21 ftpd -w /media/mmc1/
to exchange files between the two N900s or to sync backup on PC.
if that behaves / works on test dev i'll give it a try on primary & test "Qt Mobile Hotspot" as well

may take a couple days, though :o

D@vIcHoJD 2012-07-12 16:35

Re: [Announce] genwall a simple iptables firewall
 
Excuse my ignorance as I run or install the script

misterc 2012-07-12 17:08

Re: [Announce] genwall a simple iptables firewall
 
Quote:

Originally Posted by D@vIcHoJD (Post 1236617)
Excuse my ignorance as I run or install the script

genwall_v0.0.1_binary_armel.tar.gz contains the compiled ready to run genwall executable.
on windoooooz use 7zip to unpack it
  • copy it into /usr/sbin e.g after copying it over from your PC to [N900]
  • open an X-Terminal
  • Code:

    root                                  # become root
    mv /home/user/MyDocs/genwall /usr/sbin
    chmod 755 /usr/sbin/genwall
    genwall &                             # start genwall in the background
    exit
    exit

you only need to do mv and chmod the 1st time
after that simply become root & start it

imo 2012-07-12 17:11

Re: [Announce] genwall a simple iptables firewall
 
i am gonna test it soon as i get back home. Thanks, been waiting for such kinda thing for long. Great stuff

D@vIcHoJD 2012-07-12 17:50

Re: [Announce] genwall a simple iptables firewall
 
Thank you very much, it works without problems :)

Halftux 2012-07-12 23:09

Re: [Announce] genwall a simple iptables firewall
 
Quote:

Originally Posted by misterc (Post 1236635)
you only need to do mv and chmod the 1st time
after that simply become root & start it

Thank you misterc for explaining. And sorry for my poor explanation. This application is atm a prerelease so only binary. I think it will grow in the future to a deb package and will get a shortcut:)

However, you can also run it as user; the script that will be generated by the application uses gainroot to execute iptables.
I don't know whether it still works as user if you run it as root the first time. It could be that after executing it as root the first time, the user doesn't have rights to the created directory and script. I will look and report.

And sorry for using windows shame on me. For linux I need to install the designer I have only installed the scratchbox environment.

@imo you are welcome. I wanted such application too and makes me happy that it is also useful for other people.

@D@vIcHoJD good to hear.

sifo 2012-07-12 23:27

Re: [Announce] genwall a simple iptables firewall
 
thank you Halftux for this useful app :) btw the UI reminds me of fAircrack :-D

jackburton 2012-07-13 01:49

Re: [Announce] genwall a simple iptables firewall
 
What's the UI created with? Qt or GTK? What's the control for the buttons/tabs on the left?

misterc 2012-07-13 03:43

Re: [Announce] genwall a simple iptables firewall
 
Quote:

Originally Posted by Halftux (Post 1236821)
Thank you misterc for explaining. And sorry for my poor explanation. This application is atm a prerelease so only binary. I think it will grow in the future to a deb package and will get a shortcut:)

However, you can also run it as user; the script that will be generated by the application uses gainroot to execute iptables.
I don't know whether it still works as user if you run it as root the first time. It could be that after executing it as root the first time, the user doesn't have rights to the created directory and script. I will look and report.

And sorry for using windows shame on me. For linux I need to install the designer I have only installed the scratchbox environment.

@imo you are welcome. I wanted such application too and makes me happy that it is also useful for other people.

@D@vIcHoJD good to hear.

Halftux,

thank you for the clarification.
however, if the executable is in /usr/sbin only root (or the system) will actually be able to start it
if the user should be able to start it as well, put it in /usr/bin
you still need to be root to place it there.
alternatively, as it doesn't have any location related dependencies (good coding ;)) put it anywhere where user has access and start it with absolute path (e.g. /home/user/MyDocs/genwall or ./genwall )

personally i feel a firewall belongs in /usr/sbin

