[needs-packaging] Leopard Flower for easier program-based Internet access control
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu |
Confirmed
|
Wishlist
|
Unassigned |
Bug Description
There is currently no easy way for a user to control Internet Access on a per program basis in Ubuntu. The current solutions require that the user know in advance that they need to limit Internet access and to create a "new solution" for each program in question by creating a "permanent" on/off access with an apparmor profile, use UFW/IPtables to limit by port but that port may be needed by other programs, or create a separate user for each.
Leopard Flower appears to allow the user to easily track and control which programs have Internet access as need arises which is useful for a number of reasons. It is meant to compliment our current security measures, not replace them.
1) During metered (charged per use) Internet access (such as mobile and hotspots), you can prevent Internet access to programs like your music player or RSS reader but not your webemail. Then you can easily turn them back on later from a single interface instead of remembering and digging through the preferences of each individual program that may access the Internet.
2) As an additional layer of protection so users who have incorrectly or accidentally setup a program/service can be notified and can fix the issue when it tries to access the Internet. (I didn't mean to have the program download stuff or intend to turn on that service.)
3) Users who have to use closed source drivers/programs for business or accessibility reasons but don't wish to have these programs "phone home".
A web search shows that newer Desktop end-users have been searching for this type of additional functionality in Ubuntu and other Linux distros for years without success, even as more functionality is being shifted to the Internet and Cloud.
URL: http://
License: Public Domain
Changed in ubuntu: | |
importance: | Undecided → Wishlist |
Obviously this firewall need testing first. I hope developers can assess if it is secure to use. But there is a lot of talk about application based firewall. So, if you want to know the rationale follow this discussions and users activity:
Idea #26902: Give users "global control" over applications' outgoing internet connections brainstorm. ubuntu. com/idea/ 26902
http://
[ubuntu-hardened] Give users "global control" over applications' outgoing internet connections /lists. ubuntu. com/archives/ ubuntu- hardened/ 2011-March/ 000541. html
https:/
I need an outbound GUI software firewall ubuntuforums. org/showthread. php?t=1696699
http://
TuxGuardian - application based firewall ubuntuforums. org/showthread. php?t=1591340
http://
If Leopard Flower match security requirements add it to repository. If not propose / develop new solution, please.
I wish Canonical developers would give users some feedback.