pglgui draft 2011-04-20 PeerGuardian Linux consists of three components: - pgld: the IP block daemon itself. It checks internet traffic in the kernel user space based on huge blocklists with IP ranges. It then either ACCEPTs, DROPs or MARKs the packets. - pglcmd: does several tasks around pgld: - It starts/stops the daemon. - It setups the netfilter iptables environment, that decides which traffic gets to pgld and what happens with MARKed packets. - It handles the blocklists. - pglcmd.wd is a watchdog that frequently checks whether the daemon is still running and some iptables rules exist. On fail it restarts pglcmd. - pglgui: is the GUI (Graphical User Interface) on top of pgld and pglcmd. Utilized software: - C++ - Qt - dbus Assumptions (check on startup): - pglcmd's default iptables setup is used else offer to change this and "pglcmd restart" else start in restricted mode Design: Main Window: - Control Panel: - allows to use pglcmd direct commands like start, stop, update, status with a single click. - shows daemon status (pgld process is running) (red/green light) HOW? - Log Panel: - shows log: on startup: show last lines from pgld.log gets directly notified by the daemon via dbus about blocked packets and other logged events. - allows whitelisting: right-click on blocked packets allow to - whitelist blocked IP permanently: entry to pglcmd's WHITE_IP_FWD, WHITE_IP_IN or WHITE_IP_OUT issue iptables command directly - whitelist blocked IP's port permanently: issue warning that this is a security risk, explain why entry to pglcmd's WHITE_[TCP|UDP]_[IN|OUT|FWD] issue iptables command directly - temporarily whitelist blocked IP, port or IP+port+protocol combination: issue iptables command directly - Configure Panel: Allows to edit pglcmd's variables. Default values are in pglcmd.defaults. Other values are saved in pglcmd.conf. Offer to "pglcmd restart" to apply changes for iptables rules or pgld's options. "pglcmd reload" to apply changes for blocklists. - Main: The most important pglcmd variables (automatic start and blocklist update, ...) - Whitelisting - Logging - Paths - ... - pglgui specific settings, saved in ~/.config/pgl/pglgui.conf Dockable to system tray different icons for whether pgld process is running blink on block (make configurable) Some commands require root privileges. Gain them with policykit (currently gksu/kdesudo) ---------- old mobloquer ----------------- Features: * [TODO] View the IPs which pgl blocks in realtime as well as some information about each one. * [TODO] Easily view whois information for each IP blocked. * [TODO] Easily configure pgl to stop blocking an IP. * Add/Remove/Enable/Disable blocklists and tweak their settings. * Quickly tweak pgl's settings such as automatic startup, automatic updates etc. * Whitelist specific ports. * Whitelist IPs/hostnames. * [TODO] Remove entries from the blocklists. * View the state of pgld. * [TODO] View some information about moblock such as the number of the loaded ranges, the last time the blocklists were updated etc. * [TODO] View the log produced by pglcmd in real time. * [TODO] View the current iptables rules to determine if pgl is working. * Start/Restart/Stop/Reload/Update pgl with just one click. Dependencies: * libc-dev/libc6-dev * g++ * make * libqt4-core (>=4.3.0) * libqt4-gui (>=4.3.0) * libqt4-dev (>=4.3.0) * pgld and pglcmd See "install" for installation instructions. Common problems: * If pglgui stops working properly, the first thing you should try to do is delete its configuration file. Just run "rm ~/.config/pgl/pglgui.conf" in a terminal to do so. * Launch pglgui with the argument --tray if you want it to start minimized in the tray.