[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [RFR] Fwknop-gui description

Hello Justin,

> The debconf templates and README for fwknop passed through d-l-e back
> in 2008, but not the package descriptions.  

I can't remember :) I thought I did it.

> They seem okay, though the
> server package has one reference to "libcap" where I suspect it means
> "libpcap".

Good catch. I will update the Fwknop description.

On 06/09/2016 19:48, Justin B Rye wrote:
> Justin B Rye wrote:
>> I'd better get some sleep before I try to produce a revised version.
> Looking at it again:


>> Description: FireWall KNock OPerator Graphical User Interface
> [...]
>>  This application helps the user to maintain multiple Fwknop
>>  configurations through a single interface, and includes a wizard for
>>  configuring an Fwknop server.
> [...]
> I don't see any evidence elsewhere of this "wizard for configuring an
> Fwknop server" (which would presumably require elevated privileges,
> and probably be a separate binary); it looks more as if there's just
> one GUI, which simplifies the task of creating per-server
> configuration files for its built-in Fwknop client.  Did you mean "a
> wizard for setting up a configuration for an Fwknop server"?

The application consists of one simple graphical interface in order to
configure client access settings. Once this is done, the user can select
a client configuration among a list of configurations and send one or
more SPA packets through the built-in Fwknop client to the remote Fwknop

Fwknop server relies on two kinds of configuration files:
 * One file that contains the Fwknop server main settings (behaviour of
   the server)
 * The others provide remote client access settings (key, port, command
   used to gain access and open a door on the remote computer to
   establish for example an SSH access)

To help configuring the client access file on the remote Fwknop server,
the user can generate an Fwknop server access file from his client
configuration, from the GUI toolbar.

> Mind you, the man page doesn't mention any of this - it only admits to
> being a graphical SPA-packet sender, not a configuration manager.  The
> help.html file is much more informative, but it's still possible that
> I don't understand this software, in which case I'd be glad of any
> hints you can provide.

I first wanted to improve the application description before working on
the application man page and help message.

We should say "an fwknop" according to a very recent bug report on github :)


> Until then, here's my best guess:
> # Description: FireWall KNock OPerator Graphical User Interface
> #  The FireWall KNock OPerator implements an authorization scheme called
> #  Single Packet Authorization (SPA), based on Netfilter and libpcap.
> #  .
> #  Its main application is to protect services such as OpenSSH with
> #  an additional layer of security in order to make the exploitation of
> #  vulnerabilities (both 0-day and unpatched code) much more difficult.
> #  .
> #  Fwknop GUI is a graphical user interface integrated with an Fwknop
> #  client that provides the ability to send SPA packets to a remote
> #  Fwknop server, as well as a front-end for creating and managing
> #  client configurations for multiple Fwknop servers.
> #  .
> #  It supports exporting saved configuration data to a QR code format
> #  readable by the Android client, as well as to the .fwknoprc format
> #  readable by the command line client.
> (I attach a patch on the off chance that this will do.)

I think it sounds good, what do you think?



Reply to: