Can I be notified about blocked connection attempts?
My computer is running Ubuntu 10.10 and I would like to know if there is a firewall that actively informs me when a certain program is trying to access the internet or when a connection attempt is blocked from the internet. I remember ZoneAlarm for Windows will alert you to blocked attempts but now that I have switched to Ubuntu I'm not so sure. All my searching leads me to is gufw.
As far as I know the answer to both questions is unfortunately "no".
Details (but I'm going to simplify here anyway):
firewall that actively informs me when a certain program is trying to access the internet
- The kernel net filter that firewalls use does not work well on the application level, so it is not used for that purpose. Though it is generally possible to filter outgoing connections (for all programs), it is hard to do, as you can't block connections to port 80 (used for http - just used as an example here), which means that a rogue application can easily use that port to make connections.
- Even if this was possible, it would be quite hard to implement, as the connections are either allowed or blocked (and not "intercepted" or "paused" as with e.g. ZoneAlarm) so you don't get a chance to actively allow or ban the request on-the-fly.
- One option on an application level would be AppArmor (you can restrict connecting to the Internet among other things there), but it's not very beginner-friendly and granular.
actively informs when a connection attempt is blocked from the internet
- It does if you configure it so - for instance ufw by default logs to /var/log/kern.log. Notification via system notifications is certainly possible though I don't know of any such program (for AppArmor it is apparmor-notify).
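As an added illustration (not part of the original answer), the following sketch turns the `[UFW BLOCK]` entries that ufw writes to /var/log/kern.log into desktop notifications. The function names, the 60-second repeat suppression and the sample log line are assumptions made for this example; `notify-send` is used only if it is installed.

```python
import re
import shutil
import subprocess
import sys
import time

# Constructed sample in the format ufw writes to /var/log/kern.log (documentation addresses)
SAMPLE = ("Feb  4 23:33:37 host kernel: [ 3529.289825] [UFW BLOCK] IN=eth0 OUT= "
          "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.1.10 "
          "LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=12345 DF PROTO=TCP SPT=51234 DPT=22 "
          "WINDOW=5840 RES=0x00 SYN URGP=0")

# KEY=value fields written by the kernel netfilter LOG target
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_ufw_block(line):
    """Return the fields of a '[UFW BLOCK]' line, or None for anything else."""
    _, marker, rest = line.partition("[UFW BLOCK]")
    if not marker:
        return None
    fields = dict(FIELD.findall(rest))
    if "SRC" not in fields or "PROTO" not in fields:
        return None  # truncated or malformed entry
    return fields

def describe(fields):
    """One-line summary suitable for a desktop notification."""
    direction = "inbound" if fields.get("IN") else "outbound"
    port = fields.get("DPT", "-")  # ICMP entries carry no DPT
    return (f"Blocked {direction} {fields['PROTO']} "
            f"{fields['SRC']} -> {fields.get('DST', '?')} port {port}")

def should_notify(seen, fields, now, window=60):
    """Suppress repeats of the same source/port within `window` seconds."""
    key = (fields["SRC"], fields.get("DPT"))
    if key in seen and now - seen[key] < window:
        return False
    seen[key] = now
    return True

if __name__ == "__main__":
    # Usage: tail -F /var/log/kern.log | python3 ufw_notify.py
    notify, seen = shutil.which("notify-send"), {}
    for line in sys.stdin:
        fields = parse_ufw_block(line)
        if fields and should_notify(seen, fields, time.time()):
            if notify:
                subprocess.run([notify, "ufw", describe(fields)], check=False)
            else:
                print(describe(fields))
```

Reading /var/log/kern.log typically requires membership in the `adm` group, and blocked packets only appear there while ufw logging is enabled.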
There are no such firewalls for Linux. You are welcome to read a somewhat exhaustive discussion on the subject at ubuntuforums.org. To summarize, it pretty much boils down to the cliche - Linux != Windows.
http://ubuntuforums.org/showthread.php?t=1591340&highlight=application+based+firewall
From your software center there is an application called fwanalog. It claims that it will analyse logged events from a configured iptables based firewall such as gufw.
It will write html logs which you can browse (/var/log/fwanalog) - results are displayed as both text statistics and as pie-charts etc.
It does not answer the "active" reports part of your question - but it will allow you to look at daily/weekly/monthly statistics of various connection and active blocking events.
Note - if you are behind a router, you will probably get very few reports since most routers actively block connection attempts.