anfd (Application Networking Firewall Daemon) is a building block for an application firewall for Linux. On Linux, three main components help protect against attacks by viruses, malware and the like:
+ A strict separation of privileged users (like root and other system users) and regular user accounts, combined with appropriate restrictions of access rights. Thereby malicious code should be unable to escalate privileges out of any account and infect the system as a whole.
+ A properly configured iptables firewall allows access from the system to the outside, and, if needed, access from outside to selected services.
+ Most importantly, installing the latest security patches on a regular basis, ideally automatically, keeps the system secure against attacks of any kind, at least to the level to which patches are available.

Still, there is a remaining risk that code contains unpatched security holes that malicious code might exploit, or that you accidentally download and install harmful code that tries to download further malicious code or leak sensitive information and key material to untrusted parties. anfd helps to restrict connections to the outside world not only to specific IP addresses and ports but also to specific applications that are allowed to establish connections to these locations. For example, you would only expect your email client or MTA to establish SMTP connections, and only a few applications such as the web browser, the update mechanism and a handful of command-line applications are supposed to download software.
anfd inspects network traffic that is queued by the regular iptables firewall and accepts or rejects it according to its own rules. These rules are configured in /etc/anfd.conf.
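How a per-application verdict can be reached for a queued connection, as an added example that is not anfd's own code: it looks up the socket in a /proc/net/tcp table, finds the owning executable through /proc/<pid>/fd, and applies a default-deny allow-list. The sample table, the executable paths and the RULES format are constructed for illustration and are not the /etc/anfd.conf syntax.

```python
import ipaddress
import os
import socket
import struct

# Constructed sample in /proc/net/tcp format (st 02 = SYN_SENT, trailing columns omitted).
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A00000A:C350 0A0200C0:01BB 02 00000001:00000000 01:00000064 00000000  1000        0 41001
   1: 0A00000A:C351 196433C6:0019 02 00000001:00000000 01:00000064 00000000  1000        0 41002
"""

# Hypothetical allow-list (NOT the anfd.conf syntax): executable, destination network, port.
RULES = [
    ("/usr/bin/firefox", "192.0.2.0/24", 443),
    ("/usr/sbin/exim4", "198.51.100.0/24", 25),
]

def decode(hexpair):
    """Turn '0A0200C0:01BB' into ('192.0.2.10', 443); the address is little-endian hex."""
    addr, port = hexpair.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)

def socket_inode(table, local_port, remote):
    """Return the socket inode of the connection local_port -> remote (ip, port)."""
    for line in table.splitlines()[1:]:
        f = line.split()
        if decode(f[1])[1] == local_port and decode(f[2]) == remote:
            return int(f[9])
    return None

def exe_for_inode(inode, proc="/proc"):
    """Find the executable holding socket:[inode]; other users' processes need root."""
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                if os.readlink(f"{proc}/{pid}/fd/{fd}") == f"socket:[{inode}]":
                    return os.readlink(f"{proc}/{pid}/exe")
        except OSError:
            continue  # process exited meanwhile or access was denied
    return None

def verdict(exe, remote_ip, remote_port):
    """Default deny: accept only if executable, destination network and port match a rule."""
    ip = ipaddress.ip_address(remote_ip)
    for rule_exe, net, port in RULES:
        if exe == rule_exe and ip in ipaddress.ip_network(net) and remote_port == port:
            return "ACCEPT"
    return "REJECT"
```

The sketch covers IPv4 TCP only; IPv6 sockets are listed in /proc/net/tcp6 with 128-bit addresses.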
Usage and Install Dependencies:
pacman -S nfqueue-bindings-perl libnet-cidr-perl libnet-rawip-perl
sudo apt-get install nfqueue-bindings-perl libnet-cidr-perl libnet-rawip-perl
git clone https://github.com/mrbaseman/anfd && cd anfd