This is the project homepage for KMyFirewall, an IPTables based firewall configuration tool for KDE (the K Desktop Environment) running on Linux based systems.
KMyFirewall attempts to make it easier to set up IPTables based firewalls on Linux systems. It will be the right tool if you like to have a so called "Personal Firewall" running on your Linux box, but don't have the time and/or the interest to spend hours in front of the IPTables manual just to set up a firewall that keeps the "bad" people out.
The firewall has the ability to save entire rulesets, so you only have to configure your ruleset one time, and then you can use it on several computers giving each of them a similar configuration (e.g. school networks, office, university, etc.). For a complete list of the features have a look at the Features section.
Programs can't do any magic, so you will still have to know what your firewall should do to set up your ruleset. KMyFirewall just tries to help you as much as possible, but you decide what it will do.
Since the last stable release, the user interface has been expanded to enable easier and more flexible configuration for both advanced and novice users. Also NAT support has become far more accessible to set up.
Just give it a chance...
Latest News
Important: As the file format used to save the rulesets has changed, rulesets created with KMF < 1.0beta1 WILL NOT work, don't even try it!
Hi,
Donatas Glodenis provides KMyFirewall 1.1.1 and patched kdesudo packages for Ubuntu/Kubuntu at http://dg.lapas.info/share/paketai/ubuntu-gutsy/
Thanks for his support!
greetz,
chris
Hi,
As reported by Donatas Glodenis, the installation process in version 1.1.0 is seriously broken - IT DOES NOT INSTALL A VALID SCRIPT!
So please update to v1.1.1, which I've just released on sf.net, if you are using 1.1.0!
Hi,
With great thanks to Donatas Glodenis, here is a much better fix solving the "kdesu -t issue". Here are the instructions from his email:
The kdesudo version 2.1, available for the coming version of Ubuntu Hardy Heron (8.4), already has the -t option implemented. You can build your own kdesudo package for gutsy by following these steps:
1. Download these packages from the repositories:
    $ wget http://archive.ubuntu.com/ubuntu/pool/main/k/kdesudo/kdesudo_2.1-0ubuntu1.dsc
    $ wget http://archive.ubuntu.com/ubuntu/pool/main/k/kdesudo/kdesudo_2.1.orig.tar.gz
    $ wget http://archive.ubuntu.com/ubuntu/pool/main/k/kdesudo/kdesudo_2.1-0ubuntu1.diff.gz
2. setup sources:
    $ dpkg-source -x kdesudo_2.1-0ubuntu1.dsc
3. Build package:
    $ cd kdesudo-2.1/
    $ sudo apt-get build-dep kdesudo
    $ dpkg-buildpackage -rfakeroot -uc -b
4. Install package
    $ cd ../
    $ sudo dpkg -i kdesudo*.deb
Here is the apt-get source for KMyFirewall and the patched KDEsudo: http://dg.lapas.info/share/paketai/ubuntu-gutsy/
greetings,
chris
Well, it has been a while since the last release, almost 2 years ;)
Sorry for the slow progress until now, but I hope the new KMyFirewall 1.1.0 release will excuse the long wait.
This release includes lots of cool new features (e.g. multi target configuration, remote installation etc.) and fixes all known bugs. Again the document format has changed a bit, but I did my best to make it compatible with rule sets created using v1.0.x.
Main New Features
Multi Target Configuration & Remote firewall control
With KMyFirewall 1.1.0 you are now able to define so called Targets (accessible in the MyNetwork View); those are the computers you would like to manage using KMyFirewall.
After configuring a Target (IP address and SSH port) you simply set it as the "Active Target" and edit its rule set as you did for localhost. The only requirement is that the target allows SSH connections and has a bash shell installed.
With the help of KDE's KIO technology you can install, run, show configuration etc. on the remote host, as you did on localhost before.
All communication between KMyFirewall and the target is encrypted using SSH.
New Undo/Redo Engine
As a consequence of the lots of trouble the current undo/redo implementation has made, I re-designed it, and as a result the engine is faster, more reliable and much easier to use as a developer.
Custom Protocols (Generic Interface)
This solves one of the most annoying problems of the Generic Interface. In KMyFirewall's settings dialog you can now define your own protocols.
So if you find any important protocol still missing, simply create it and, if you like, send it to chubinger_AT_irrsinnig_DOT_org so that I can add it for the next release. (For the future I plan to implement a KHotNewStuff service to allow online updates of the protocol library.)
Improved Auto Configuration
The auto configuration capabilities have been moved to a small bash script and therefore can also be used for remote targets. If your system is not detected correctly, please send your configuration to chubinger_AT_irrsinnig_DOT_org so that I can add it to the auto configuration script.
So finally I would just like to say: have fun managing your firewalls using KMyFirewall 1.1.0.
Feedback and bug reports are very welcome.
greetings,
Chris
Hi,
I received several e-mails and bug reports concerning the problem that on Ubuntu/Kubuntu KMyFirewall fails to start/run/install etc. the generated scripts with the error "kdesu -t: Invalid Option".
After googling it I found some bug reports about the same issue with other applications (https://bugs.launchpad.net/kdesudo/+bug/158672).
I do not know why, but the Ubuntu guys silently decided to use kdesudo instead of the KDE default kdesu, and therefore the workaround I can provide is to undo that switch.
ls -la /usr/bin/kdesu
lrwxrwxrwx 1 root root 7 2008-01-06 16:15 /usr/bin/kdesu -> kdesudo
# As you can see the kdesu file is just a link to kdesudo
# Simply change it back.
animal@viech:~$ sudo -i
[sudo] password for animal:
root@viech:~# rm /usr/bin/kdesu
root@viech:~# ln -s /usr/bin/kdesu.distrib /usr/bin/kdesu
This should do the trick.
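A guarded form of the workaround above, as an added example that is not part of the original post or of KMyFirewall: it changes the link only if kdesu really is a symlink to kdesudo and kdesu.distrib exists. The function name restore_kdesu and its optional directory argument are assumptions of this example, so the logic can be tried in a scratch directory first.

```shell
#!/bin/sh
# Added example (not from the KMyFirewall project).
# restore_kdesu [BIN_DIR]   BIN_DIR defaults to /usr/bin (hypothetical parameter).
restore_kdesu() {
    bin_dir="${1:-/usr/bin}"
    link="$bin_dir/kdesu"
    orig="$bin_dir/kdesu.distrib"

    # Only act when kdesu is a symlink; never delete a regular binary.
    if [ ! -L "$link" ]; then
        echo "kdesu is not a symlink, nothing to do" >&2
        return 1
    fi

    # Confirm the link points at kdesudo, as in the ls output above.
    target=$(readlink "$link")
    case "$target" in
        kdesudo|*/kdesudo) ;;
        *) echo "kdesu points to '$target', not kdesudo; leaving it alone" >&2
           return 2 ;;
    esac

    # The original KDE binary must be present and executable before switching.
    if [ ! -x "$orig" ]; then
        echo "$orig is missing or not executable; aborting" >&2
        return 3
    fi

    # Build the new link beside the old one and rename it into place,
    # so there is no moment at which kdesu does not exist.
    ln -s "$orig" "$link.new" && mv -f "$link.new" "$link"
}
```

On a real system the function has to run as root, and a later kdesudo package update may put the original link back.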
Today I received an e-mail from the Linux Magazine Editor informing me about an article they published concerning KMyFirewall in the February Issue of the English version, which is available for download from now on.
First I think that is really, really cool and second if you are interested in reading it - and you are! ;) - just click the download link above, and enjoy reading.
so long, and thanks for all the fish
I'm very happy to announce the first update release for KMyFirewall 1.0. I've fixed some bugs and added the possibility to create installation packages for the generated ruleset.
Thanks to all of you who've sent me bug reports, I hope that now most of the major issues are solved.
ChangeLog 1.0 -> 1.0.1
- Adding some more protocols to the Protocol library
- Fix spelling bug in Workstation template
- Small code cleanup
- Deleted old Parser and Wizard files
- Fix rule index handling
- Allow insert of rules.
- Fix Rule renamed canceled bug
- cleanup interface add parameter to select the config part to show instead of different methods
- Add possibility to export a package containing the scripts needed to install the ruleset on the system
- Add commandline parameter to define the GUI interface to startup with
- Fix chain log prefix saving bug
- Fix multiport ruleoption bug
I'm very happy to announce the availability of the new freshly designed KMyFirewall homepage.
The design and implementation was done by Anton Frennevi, who also designed a new icon set for KMF.
Unfortunately, he won't have any more time to work with us, so a big thank you very much to him.
Since the last stable release KMF has been completely rewritten in order to be even more flexible and on the other hand easier to use.
New plugin framework
Most parts of the application have been rewritten, introducing a plugin framework that allows new IPTables rule option editors to be written within a few hours (well, maybe days, depending on the option's complexity :).
This will allow us (and contributors) to easily implement the fast growing number of IPTables ruleoptions without the need of understanding the whole application.
The backend generating the IPTables rules itself has been extended to allow the registration of new rule options by defining them in an XML description file. For a detailed description about how to write such plugins have a look at the application handbook in the current CVS version.
So feel free to contribute plugins, there are lots of options still not implemented.
New Easy-To-Use platform independent interface
As I often got mails complaining about the too complex nature of KMF and the very limited possibilities the wizard provides, I simply removed the wizard and implemented a completely new interface.
Features of the new Interface
As the new interface works on an abstract description of the generated rules, the new plugin structure allows us to implement script compilers that support other firewalling backends than just netfilter/iptables.
To support a new tool kit it is required to write a compiler and an installer plugin for the new framework. Currently just the iptables/linux compiler and installer is implemented. As with the rule option plugins of the IPTables interface, it shouldn't be too much work to develop those plugins.
IPTables vs. Generic interface
The main difference between those two interfaces is that the new Generic Interface is OS and toolkit independent, while the IPTables interface is an improved version of the well known KMF GUI and therefore tightly bound to the netfilter/iptables toolkit, and can therefore only be used with Linux as operating system.
Why two different interfaces?
Especially when concerning security related applications you (as developer) need to decide if you like to build an application used by expert users (e.g. experienced system administrators) or if you like to provide a tool that everybody can handle.
It hasn't been an easy decision to implement one interface for each user group, but after pondering about concepts to merge those two requirements into one interface we decided that it is much better to separate them.
This allows us to concentrate on the wishes and wanted features for each of the user groups.
I updated the documentation and included a small howto about writing KMyFirewall plugins. Everyone who has some basic knowledge of C++/KDE programming should be able to implement ruleoption plugins without problems.
So if you are interested in writing a config dialog for your most wanted but unfortunately not already implemented iptables option, just have a look at The Developers Guide.
New RPMS
Uploaded SuSE 9.2 rpms.
Thanks to Marcus for contributing those.
APT users may install from the following repository:
ftp://ftp.gwdg.de/pub/linux/suse/apt SuSE/9.2-i386 suser-tux
Updated documentation
The documentation has been updated. You'll now find there is a new section describing the new plugin framework.
If you are a developer and like to code on KMF, you are very welcome to join the project. Just drop me an e-mail
During the last year KMF has been completely rewritten in order to be even more flexible and on the other hand easier to use.
Rockersoft has built new packages for KMF and the download links have been updated.
Also a big thank you to Raphael Lechner for contributing debian testing/unstable packages.
Fedora Core packages:
kmyfirewall-0.9.6.2-4.rockerssoft.fc2.i386.rpm
kmyfirewall-0.9.6.2-3.rockerssoft.fc1.i386.rpm
Debian testing/unstable:
kmyfirewall_0.9.6.2_i386.deb
This is a small bugfix release that fixes the following problems:
- Init scripts (should) have proper permissions now. This was a problem that only occurred for Gentoo users, where rc-update is used to add the firewall script to the default runlevel.
- The Wizard used to create wrong rules for custom ports.
- Other interface types than the already provided can be used now.

