
Thread: I need an outbound GUI software firewall

  1. #1
    Join Date
    Feb 2011
    Beans
    26

    Question I need an outbound GUI software firewall

    By "outbound", I mean I need to be able to control which programs are allowed to access the Internet; that is, connect to some remote server from my computer. I'm not very experienced at Ubuntu, but all of the firewalls I've looked at for Ubuntu so far only allow me to control incoming connections. A router would be able to do the same thing.

    Is there any such firewall for Ubuntu? I would prefer one that is friendly to newbies, but this isn't required as long as it's GUI instead of command line.

  2. #2
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: I need an outbound GUI software firewall

    There is no need to block outbound connections, as there aren't any until you the user initiate them. I'd suggest you spend more time getting familiar with Ubuntu, instead of trying to use Windows solutions for problems that don't exist.

    To check what outbound connections you have running, open a terminal and type:

    Code:
    sudo lsof -i -P -n

  3. #3
    Join Date
    Feb 2011
    Beans
    26

    Re: I need an outbound GUI software firewall

    Quote Originally Posted by cariboo907
    There is no need to block outbound connections, as there aren't any until you the user initiate them. I'd suggest you spend more time getting familiar with Ubuntu, instead of trying to use Windows solutions for problems that don't exist.

    To check what outbound connections you have running, open a terminal and type:

    Code:
    sudo lsof -i -P -n
    I can't be checking what outbound connections I have running 24/7. I need a blocking solution, not a checking solution. I will be installing software that isn't from the repository out of necessity (e.g. at least some hardware drivers that come packaged with stuff I don't want to use but that I have to). If it is legal to do so, I may also be installing Windows games and playing them using Wine. I don't want these games phoning home. Finally, even if I install software from repositories, I don't want them accessing the Internet all the time. And these are only a few examples. I could go on, but I've seen far too many similar threads devolve into a discussion over necessity, and I don't want the same thing to happen to this one.

    I am still looking for a firewall that can block outbound connections.
    Last edited by opendoors; February 28th, 2011 at 09:19 AM.

  4. #4
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: I need an outbound GUI software firewall

    Like I said in my post, there isn't anything making outbound connections until you start the program. Most programs have configuration files, where the ability to connect to the internet is allowed or disallowed. It is up to you whether they connect or not; there is no set and forget solution.

  5. #5
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: I need an outbound GUI software firewall

    Quote Originally Posted by opendoors
    I can't be checking what outbound connections I have running 24/7. I need a blocking solution, not a checking solution. I will be installing software that isn't from the repository out of necessity (e.g. at least some hardware drivers that come packaged with stuff I don't want to use but that I have to). If it is legal to do so, I may also be installing Windows games and playing them using Wine. I don't want these games phoning home. Finally, even if I install software from repositories, I don't want them accessing the Internet all the time. And these are only a few examples. I could go on, but I've seen far too many similar threads devolve into a discussion over necessity, and I don't want the same thing to happen to this one.

    I am still looking for a firewall that can block outbound connections.
    Any firewall can block outbound connections.

    What you are asking for is a so-called "application firewall" and most of the people who ask for such a thing are people coming from a Windows background.

    Basically you have a few options:

    1. Use iptables.

    Code:
    sudo iptables -A OUTPUT -j DROP
    You can configure iptables with any number of tools from ufw to gufw.

    2. Turn your computer off when you are not using it.

    3. Disconnect from the network when you are not using it.

    4. Learn to use apparmor or selinux or grsecurity.

    5. Write an application yourself.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface
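A fuller default-deny outbound rule set built around the `DROP` rule in the post above, as an added example that is not part of the original post. On its own, that rule also drops loopback traffic and replies on established connections; the version below accepts those first, accepts new connections from processes running under an allow-listed group (iptables can match the owning user or group, not the program name), and logs everything else before dropping it. The group name `netallow` and the log prefix are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny outbound rules with a
# group-based allow list. "netallow" and the log prefix are assumed names.
LOG_PREFIX="OUT-BLOCKED: "   # the LOG target allows at most 29 characters

# Print the rule set for one allow-listed group; nothing is applied here.
# Review the output, then pipe it to `sudo sh` to load it.
outbound_rules() {
    group="${1:-netallow}"
    # The output is meant for a root shell: refuse anything that is not a
    # plain group name.
    case "$group" in
        ''|*[!a-z0-9_-]*) echo "bad group name" >&2; return 1 ;;
    esac
    # IPv4 and IPv6 are filtered by separate tables; emit rules for both.
    for ipt in iptables ip6tables; do
        cat <<EOF
$ipt -F OUTPUT
$ipt -A OUTPUT -o lo -j ACCEPT
$ipt -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$ipt -A OUTPUT -m owner --gid-owner $group -j ACCEPT
$ipt -A OUTPUT -m limit --limit 10/min -j LOG --log-prefix "$LOG_PREFIX" --log-uid
$ipt -A OUTPUT -j DROP
EOF
    done
}

# Stand-alone run: show the rules for the default group.
outbound_rules
```

With the rules loaded, a program started as `sg netallow -c 'program'` may open new outbound connections; anything else, including its DNS lookups, is logged and dropped.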

  6. #6
    Join Date
    Feb 2011
    Beans
    26

    Re: I need an outbound GUI software firewall

    Among iptables, apparmor, selinux, and grsecurity, is there one that alerts me every time an application tries to access the Internet instead of requiring me to know every program that makes such an attempt?

  7. #7
    Join Date
    May 2007
    Location
    Nova Scotia, Canada
    Beans
    423
    Distro
    Ubuntu

    Re: I need an outbound GUI software firewall

    Have you tried "firestarter"? It's GUI, and does all of the work in the background with iptables.

    http://www.fs-security.com/

    sudo apt-cache search firestarter
    firestarter - gtk program for managing and observing your firewall

  8. #8
    Join Date
    May 2006
    Location
    Switzerland
    Beans
    2,907
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: I need an outbound GUI software firewall

    Quote Originally Posted by opendoors
    I can't be checking what outbound connections I have running 24/7.
    And why should you even need to?? This is not Windows here.

    I have used Linux since 1996 and never had any problem with programs doing strange things behind my back.

    Let go of your Windows ways.

  9. #9
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: I need an outbound GUI software firewall

    Quote Originally Posted by opendoors
    Among iptables, apparmor, selinux, and grsecurity, is there one that alerts me every time an application tries to access the Internet instead of requiring me to know every program that makes such an attempt?
    You can monitor your network traffic best with tcpdump or wireshark.

    You can also log all packets with snort or iptables.

    Apparmor / selinux / grsecurity will all certainly alert you alright =) Of the 3 I would go with Fedora and selinux, nice graphical tools.

    But no, if you want to do this, it is an active process and will require time and effort on your part.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  10. #10
    Join Date
    Feb 2011
    Beans
    26

    Re: I need an outbound GUI software firewall

    Quote Originally Posted by smurphy_it
    Have you tried "firestarter"? It's GUI, and does all of the work in the background with iptables.

    http://www.fs-security.com/

    sudo apt-cache search firestarter
    firestarter - gtk program for managing and observing your firewall
    Thanks, firestarter is definitely a good start. If, as bodhi.zazen says, I can't be alerted at the moment an application tries to access the Internet, I still would like to do what others have done: deny everything, then whitelist stuff gradually. Firestarter falls a little short in this respect because:

    1. The log doesn't log blocked outbound connection attempts.
    2. I can set a restrictive outbound policy (i.e. block everything except allowed connections/services), but I cannot specify an application as a whitelisted item.

    I also looked into GUFW because of bodhi.zazen's stickied thread, but it also doesn't let me allow applications instead of ports.

    So basically, at this point I'm willing to use any firewall GUI that has a restrictive policy similar to Firestarter's (blocking everything that isn't whitelisted) and allows me to specify applications as whitelisted items (instead of just ports or destination IPs). All I would need is a log that shows all the blocked outgoing connections so I can decide what to whitelist later. I think such a product should exist because of this: http://ubuntuforums.org/showpost.php...8&postcount=38

    What should I try next?
    Last edited by opendoors; March 1st, 2011 at 03:18 AM.
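One way to get the "log of blocked outgoing connections" asked for in the post above, as an added example that is not part of the thread: it summarises kernel log lines written by an iptables `LOG` rule placed before the final `DROP` on `OUTPUT`, grouped by user ID, protocol, destination and port. The `OUT-BLOCKED:` prefix, the use of `--log-uid`, and the sample log lines are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): count blocked outbound attempts per
# UID / protocol / destination / port from iptables LOG lines.
# Assumes the LOG rule uses the prefix "OUT-BLOCKED: " and --log-uid.

# Constructed sample kernel log lines (documentation addresses only).
sample_log() {
    cat <<'EOF'
Mar  1 03:02:11 host kernel: [ 101.1] OUT-BLOCKED: IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.7 LEN=60 TTL=64 ID=1 DF PROTO=TCP SPT=45678 DPT=443 SYN URGP=0 UID=1000 GID=1000
Mar  1 03:02:12 host kernel: [ 102.1] OUT-BLOCKED: IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.7 LEN=60 TTL=64 ID=2 DF PROTO=TCP SPT=45678 DPT=443 SYN URGP=0 UID=1000 GID=1000
Mar  1 03:02:14 host kernel: [ 104.1] OUT-BLOCKED: IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.7 LEN=60 TTL=64 ID=3 DF PROTO=TCP SPT=45678 DPT=443 SYN URGP=0 UID=1000 GID=1000
Mar  1 03:05:40 host kernel: [ 310.2] OUT-BLOCKED: IN= OUT=eth0 SRC=192.168.1.10 DST=198.51.100.9 LEN=71 TTL=64 ID=4 PROTO=UDP SPT=51000 DPT=53 LEN=51 UID=0 GID=0
Mar  1 03:06:02 host kernel: [ 332.9] OUT-BLOCKED: IN= OUT=eth0 SRC=192.168.1.10 DST=192.0.2.1 LEN=84 TTL=64 ID=5 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1 UID=1000 GID=1000
Mar  1 03:06:30 host kernel: [ 360.0] usb 1-1: new high-speed USB device number 4
EOF
}

# Read log lines from files given as arguments, or from stdin, and print
# "count uid proto dst dport", most frequent first.
summarize_blocked() {
    awk -v prefix="OUT-BLOCKED:" '
    index($0, prefix) {
        dst = proto = dpt = "-"; uid = "?"   # ICMP has no DPT; old rules no UID
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "DST") dst = kv[2]
            else if (kv[1] == "PROTO") proto = kv[2]
            else if (kv[1] == "DPT") dpt = kv[2]
            else if (kv[1] == "UID") uid = kv[2]
        }
        count[uid " " proto " " dst " " dpt]++
    }
    END { for (k in count) print count[k], k }' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Stand-alone run on the constructed sample.
sample_log | summarize_blocked
```

On a live system the input would be the kernel log (for example `/var/log/kern.log` on Ubuntu) instead of `sample_log`.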
