{"id":43514248,"url":"https://github.com/subgraph/fw-daemon","last_synced_at":"2026-02-03T13:30:40.984Z","repository":{"id":138476520,"uuid":"47357680","full_name":"subgraph/fw-daemon","owner":"subgraph","description":"Subgraph Application Firewall","archived":false,"fork":false,"pushed_at":"2018-11-16T18:14:18.000Z","size":1144,"stargazers_count":104,"open_issues_count":28,"forks_count":24,"subscribers_count":15,"default_branch":"master","last_synced_at":"2024-06-20T00:43:14.872Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/subgraph.png","metadata":{"files":{"readme":"README-DEV.txt","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-12-03T20:15:59.000Z","updated_at":"2024-05-23T12:49:31.000Z","dependencies_parsed_at":null,"dependency_job_id":"cc0f2f1c-ea6c-4aad-8f63-1f10a7a5351f","html_url":"https://github.com/subgraph/fw-daemon","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/subgraph/fw-daemon","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/subgraph%2Ffw-daemon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/subgraph%2Ffw-daemon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/subgraph%2Ffw-daemon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/subgraph%2Ffw-daemon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/subgraph","download_url":"https://codeload.github.com/subgraph/fw-daemon/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/subgraph%2Ffw-daemon/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29046554,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T10:09:22.136Z","status":"ssl_error","status_checked_at":"2026-02-03T10:09:16.814Z","response_time":96,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-02-03T13:30:40.300Z","updated_at":"2026-02-03T13:30:40.971Z","avatar_url":"https://github.com/subgraph.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"*** Please also refer to the notes found in fw-prompt/README.txt: you will need to copy both files in sources/etc/dbus-1/system.d/ into /etc/dbus-1/system.d/\n\nBuild complications:\nYou may need to run the following first, esp. on Ubuntu 16.04:\ngo install -tags gtk_3_18 github.com/gotk3/gotk3/gtk\n\nand build with the following:\ngo build -v -tags gtk_3_18 -gcflags \"-N -l\" fw-prompt\n\nOtherwise standard go build and go install procedures should suffice.\n\n\nBefore running fw-daemon, make sure to export: GODEBUG=cgocheck=0\n\nAlso, here's a default fw-daemon-socks.json config file:\n\nroot@subgraph:/# cat /etc/fw-daemon-socks.json \n{\n\t\"SocksListener\": \"tcp|127.0.0.1:9998\",\n\t\"TorSocks\": \"tcp|127.0.0.1:9050\"\n}\n\n\nRemember that fw-settings will need to be compiled separately with go install .../fw-daemon/fw-settings\nAnd the gnome-shell interface must be refreshed with ALT+F2, r\n*** All changes require on the interoperation between the latest versions of fw-daemon, fw-settings, and the gnome-shell Javascript frontend.\n\n\n\nThese rules will need to be sent to ensure that all passed through/sandboxed(clearnet) traffic will be picked up by the firewall:\niptables -t mangle -I PREROUTING 1 -m conntrack --ctstate NEW --proto tcp -j NFQUEUE --queue-num 0 --queue-bypass\niptables -I FORWARD 1 -m mark --mark 0x1 -j REJECT --reject-with icmp-host-prohibited\n\nThe following rules are likewise necessary for fw-daemon to catch udp and icmp data:\niptables -t mangle -I PREROUTING 1 --proto udp -j NFQUEUE --queue-num 0 --queue-bypass\niptables -t mangle -I PREROUTING 1 --proto icmp -j NFQUEUE --queue-num 0 --queue-bypass\n\n\n\nHere are some examples of the newly formatted rules in /var/lib/sgfw/sgfw_rules:\n\n#[[unknown]] is used to match an unknown process; this is necessary because even though we can sometimes figure out who's sending an ICMP packet, it's functionally impossible for us to tell who the recipient of an ICMP packet is.\n[[unknown]]\nALLOW|icmp:4.2.2.4:0|SYSTEM||\n\n#Note the use of wildcards. These rules are of course redundant, but get the same basic job done.\n[/usr/sbin/ntpd]\nALLOW|udp:*.ntp.org:123|SYSTEM||\nALLOW|udp:*:123|SYSTEM||\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsubgraph%2Ffw-daemon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsubgraph%2Ffw-daemon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsubgraph%2Ffw-daemon/lists"}