opensnitch/daemon/firewall/rules.go

package firewall

import (
	"fmt"
	"regexp"
	"sync"
	"time"

	"github.com/gustavo-iniguez-goya/opensnitch/daemon/core"
	"github.com/gustavo-iniguez-goya/opensnitch/daemon/log"
)

// DropMark is the mark we place on a connection when we deny it.
// The connection is dropped later on OUTPUT chain.
const DropMark = 0x18BA5

// Action is the modifier we apply to a rule.
type Action string

// Actions we apply to the firewall.
const (
	ADD    = Action("-A")
	INSERT = Action("-I")
	DELETE = Action("-D")
)

// make sure we don't mess with multiple rules
// at the same time
var (
	lock = sync.Mutex{}

	queueNum = 0
	running  = false
	// check that rules are loaded every 5s
	rulesChecker       = time.NewTicker(time.Second * 20)
	rulesCheckerChan   = make(chan bool)
	regexRulesQuery, _ = regexp.Compile(`NFQUEUE.*ctstate NEW,RELATED.*NFQUEUE num.*bypass`)
	regexDropQuery, _  = regexp.Compile(`DROP.*mark match 0x18ba5`)
)

// RunRule inserts or deletes a firewall rule.
func RunRule(action Action, enable bool, logError bool, rule []string) error {
	if enable == false {
		action = "-D"
	}

	rule = append([]string{string(action)}, rule...)

	lock.Lock()
	defer lock.Unlock()

	// fmt.Printf("iptables %s\n", rule)

	_, err4 := core.Exec("iptables", rule)
	_, err6 := core.Exec("ip6tables", rule)
	if err4 != nil && err6 != nil {
		if logError {
			log.Error("Error while running firewall rule, ipv4 err: %s, ipv6 err: %s", err4, err6)
			log.Error("rule: %s", rule)
		}
		return nil
	} else if err4 != nil {
		return err4
	} else if err6 != nil {
		return err6
	}

	return nil
}

// QueueDNSResponses redirects DNS responses to us, in order to keep a cache
// of resolved domains.
// INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
func QueueDNSResponses(enable bool, logError bool, qNum int) (err error) {
	return RunRule(INSERT, enable, logError, []string{
		"INPUT",
		"--protocol", "udp",
		"--sport", "53",
		"-j", "NFQUEUE",
		"--queue-num", fmt.Sprintf("%d", qNum),
		"--queue-bypass",
	})
}

// QueueConnections inserts the firewall rule which redirects connections to us.
// They are queued until the user denies/accept them, or reaches a timeout.
// OUTPUT -t mangle -m conntrack --ctstate NEW,RELATED -j NFQUEUE --queue-num 0 --queue-bypass
func QueueConnections(enable bool, logError bool, qNum int) (err error) {
	return RunRule(ADD, enable, logError, []string{
		"OUTPUT",
		"-t", "mangle",
		"-m", "conntrack",
		"--ctstate", "NEW,RELATED",
		"-j", "NFQUEUE",
		"--queue-num", fmt.Sprintf("%d", qNum),
		"--queue-bypass",
	})
}

// DropMarked rejects packets marked by OpenSnitch.
// OUTPUT -m mark --mark 101285 -j DROP
func DropMarked(enable bool, logError bool) (err error) {
	return RunRule(ADD, enable, logError, []string{
		"OUTPUT",
		"-m", "mark",
		"--mark", fmt.Sprintf("%d", DropMark),
		"-j", "DROP",
	})
}

// AreRulesLoaded checks if the firewall rules are loaded.
func AreRulesLoaded() bool {
	lock.Lock()
	defer lock.Unlock()

	outDrop, err := core.Exec("iptables", []string{"-L", "OUTPUT"})
	if err != nil {
		return false
	}
	outDrop6, err := core.Exec("ip6tables", []string{"-L", "OUTPUT"})
	if err != nil {
		return false
	}
	outMangle, err := core.Exec("iptables", []string{"-L", "OUTPUT", "-t", "mangle"})
	if err != nil {
		return false
	}
	outMangle6, err := core.Exec("ip6tables", []string{"-L", "OUTPUT", "-t", "mangle"})
	if err != nil {
		return false
	}

	return regexRulesQuery.FindString(outMangle) != "" &&
		regexRulesQuery.FindString(outMangle6) != "" &&
		regexDropQuery.FindString(outDrop) != "" &&
		regexDropQuery.FindString(outDrop6) != ""
}

// StartCheckingRules checks periodically if the rules are loaded.
// If they're not, we insert them again.
func StartCheckingRules(qNum int) {
	for {
		select {
		case <-rulesCheckerChan:
			return
		case <-rulesChecker.C:
			if rules := AreRulesLoaded(); rules == false {
				QueueConnections(false, false, qNum)
				DropMarked(false, false)
				QueueConnections(true, true, qNum)
				DropMarked(true, true)
			}
		}
	}
}

// StopCheckingRules stops checking if the firewall rules are loaded.
func StopCheckingRules() {
	rulesCheckerChan <- true
}

// IsRunning returns if the firewall rules are loaded or not.
func IsRunning() bool {
	return running
}

// Stop deletes the firewall rules, allowing network traffic.
func Stop(qNum *int) {
	if running == false {
		return
	}
	if qNum != nil {
		queueNum = *qNum
	}

	StopCheckingRules()
	QueueDNSResponses(false, true, queueNum)
	QueueConnections(false, true, queueNum)
	DropMarked(false, true)

	running = false
}

// Init inserts the firewall rules.
func Init(qNum *int) {
	if running {
		return
	}
	if qNum != nil {
		queueNum = *qNum
	}

	if err := QueueDNSResponses(true, true, queueNum); err != nil {
		log.Error("Error while running DNS firewall rule: %s", err)
	} else if err = QueueConnections(true, true, queueNum); err != nil {
		log.Error("Error while running conntrack firewall rule: %s", err)
	} else if err = DropMarked(true, true); err != nil {
		log.Error("Error while running drop firewall rule: %s", err)
	}
	go StartCheckingRules(queueNum)

	running = true
}
misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00			`package firewall`

			`import (`
			`"fmt"`
firewall/rules.go formatted and documented. 2020-03-06 21:28:22 +01:00			`"regexp"`
misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00			`"sync"`
firewall: check rules every 5s Every 5s check if our rules are loaded, and if they aren't, add them again. 2020-02-22 00:27:35 +01:00			`"time"`
misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00
project import paths changed 2019-10-20 21:51:35 +02:00			`"github.com/gustavo-iniguez-goya/opensnitch/daemon/core"`
Allow to change settings from the UI (1/2) We start receiving notifications from the UI, which allow us to change configurations and perform actions on the daemon. The concept of Node has also been introduced, which identifies every daemon (client) connected to the UI (server). These options has been added: - Enable/Disable firewall interception (for all nodes) - Change daemons (clients) configuration. globally or per node. - Change prompt dialog options. We have fixed some bugs along the way: - Close audit client connection gracefully. - Exclude our own connections from being intercepted. - Better handling of client connection status with the UI. We probably has also introduced some other bugs (not listed here). 2020-04-19 20:13:31 +02:00			`"github.com/gustavo-iniguez-goya/opensnitch/daemon/log"`
misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00			`)`

firewall/rules.go formatted and documented. 2020-03-06 21:28:22 +01:00			`// DropMark is the mark we place on a connection when we deny it.`
			`// The connection is dropped later on OUTPUT chain.`
misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00			`const DropMark = 0x18BA5`

firewall/rules.go formatted and documented. 2020-03-06 21:28:22 +01:00			`// Action is the modifier we apply to a rule.`
Fixed DNS responses firewall rule not deleted on exit Sometimes the INPUT rule for to queue DNS responses was not deleted. The code has also been reorganized. And a minor tweak to make an if{} more idiomatic. 2020-02-25 01:30:24 +01:00			`type Action string`

firewall/rules.go formatted and documented. 2020-03-06 21:28:22 +01:00			`// Actions we apply to the firewall.`
Fixed DNS responses firewall rule not deleted on exit Sometimes the INPUT rule for to queue DNS responses was not deleted. The code has also been reorganized. And a minor tweak to make an if{} more idiomatic. 2020-02-25 01:30:24 +01:00			`const (`
firewall/rules.go formatted and documented. 2020-03-06 21:28:22 +01:00			`ADD = Action("-A")`
			`INSERT = Action("-I")`
			`DELETE = Action("-D")`
Fixed DNS responses firewall rule not deleted on exit Sometimes the INPUT rule for to queue DNS responses was not deleted. The code has also been reorganized. And a minor tweak to make an if{} more idiomatic. 2020-02-25 01:30:24 +01:00			`)`

misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00			`// make sure we don't mess with multiple rules`
			`// at the same time`
firewall: check rules every 5s Every 5s check if our rules are loaded, and if they aren't, add them again. 2020-02-22 00:27:35 +01:00			`var (`
			`lock = sync.Mutex{}`

Allow to change settings from the UI (1/2) We start receiving notifications from the UI, which allow us to change configurations and perform actions on the daemon. The concept of Node has also been introduced, which identifies every daemon (client) connected to the UI (server). These options has been added: - Enable/Disable firewall interception (for all nodes) - Change daemons (clients) configuration. globally or per node. - Change prompt dialog options. We have fixed some bugs along the way: - Close audit client connection gracefully. - Exclude our own connections from being intercepted. - Better handling of client connection status with the UI. We probably has also introduced some other bugs (not listed here). 2020-04-19 20:13:31 +02:00			`queueNum = 0`
			`running = false`
firewall: check rules every 5s Every 5s check if our rules are loaded, and if they aren't, add them again. 2020-02-22 00:27:35 +01:00			`// check that rules are loaded every 5s`
firewall/rules.go formatted and documented. 2020-03-06 21:28:22 +01:00			`rulesChecker = time.NewTicker(time.Second * 20)`
			`rulesCheckerChan = make(chan bool)`
intercept RELATED packets We must intercept RELATED packets, not only for intercept protocols like ftp-data, but also to handle connection errors (ICMP errors), like the ones originated when dis/connecting from a wifi network. 2020-07-25 21:48:16 +02:00			regexRulesQuery, _ = regexp.Compile(`NFQUEUE.ctstate NEW,RELATED.NFQUEUE num.*bypass`)
firewall/rules.go formatted and documented. 2020-03-06 21:28:22 +01:00			regexDropQuery, _ = regexp.Compile(`DROP.*mark match 0x18ba5`)
firewall: check rules every 5s Every 5s check if our rules are loaded, and if they aren't, add them again. 2020-02-22 00:27:35 +01:00			`)`
misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00
firewall/rules.go formatted and documented. 2020-03-06 21:28:22 +01:00			`// RunRule inserts or deletes a firewall rule.`
Do not panic if we can't insert fw rules Some systems has the IPV6 protocol disabled, so we failed starting up with the error "Address family not supported by protocol" (#52). Now we don't exist even if we can't insert the needed rules, we'll just log the error. 2020-07-30 01:10:53 +02:00			`func RunRule(action Action, enable bool, logError bool, rule []string) error {`
misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00			`if enable == false {`
			`action = "-D"`
			`}`

Fixed DNS responses firewall rule not deleted on exit Sometimes the INPUT rule for to queue DNS responses was not deleted. The code has also been reorganized. And a minor tweak to make an if{} more idiomatic. 2020-02-25 01:30:24 +01:00			`rule = append([]string{string(action)}, rule...)`
misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00
			`lock.Lock()`
			`defer lock.Unlock()`

			`// fmt.Printf("iptables %s\n", rule)`

Do not panic if we can't insert fw rules Some systems has the IPV6 protocol disabled, so we failed starting up with the error "Address family not supported by protocol" (#52). Now we don't exist even if we can't insert the needed rules, we'll just log the error. 2020-07-30 01:10:53 +02:00			`_, err4 := core.Exec("iptables", rule)`
			`_, err6 := core.Exec("ip6tables", rule)`
			`if err4 != nil && err6 != nil {`
			`if logError {`
			`log.Error("Error while running firewall rule, ipv4 err: %s, ipv6 err: %s", err4, err6)`
			`log.Error("rule: %s", rule)`
			`}`
			`return nil`
			`} else if err4 != nil {`
			`return err4`
			`} else if err6 != nil {`
			`return err6`
Fix QueueDNSResponses to include ip6tables 2019-01-26 20:56:12 -08:00			`}`
IPv6 support 2018-11-21 00:25:47 +01:00
Do not panic if we can't insert fw rules Some systems has the IPV6 protocol disabled, so we failed starting up with the error "Address family not supported by protocol" (#52). Now we don't exist even if we can't insert the needed rules, we'll just log the error. 2020-07-30 01:10:53 +02:00			`return nil`
misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00			`}`

firewall/rules.go formatted and documented. 2020-03-06 21:28:22 +01:00			`// QueueDNSResponses redirects DNS responses to us, in order to keep a cache`
			`// of resolved domains.`
misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00			`// INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass`
Do not panic if we can't insert fw rules Some systems has the IPV6 protocol disabled, so we failed starting up with the error "Address family not supported by protocol" (#52). Now we don't exist even if we can't insert the needed rules, we'll just log the error. 2020-07-30 01:10:53 +02:00			`func QueueDNSResponses(enable bool, logError bool, qNum int) (err error) {`
			`return RunRule(INSERT, enable, logError, []string{`
misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00			`"INPUT",`
			`"--protocol", "udp",`
			`"--sport", "53",`
			`"-j", "NFQUEUE",`
Allow to change settings from the UI (1/2) We start receiving notifications from the UI, which allow us to change configurations and perform actions on the daemon. The concept of Node has also been introduced, which identifies every daemon (client) connected to the UI (server). These options has been added: - Enable/Disable firewall interception (for all nodes) - Change daemons (clients) configuration. globally or per node. - Change prompt dialog options. We have fixed some bugs along the way: - Close audit client connection gracefully. - Exclude our own connections from being intercepted. - Better handling of client connection status with the UI. We probably has also introduced some other bugs (not listed here). 2020-04-19 20:13:31 +02:00			`"--queue-num", fmt.Sprintf("%d", qNum),`
misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00			`"--queue-bypass",`
			`})`
			`}`

firewall/rules.go formatted and documented. 2020-03-06 21:28:22 +01:00			`// QueueConnections inserts the firewall rule which redirects connections to us.`
			`// They are queued until the user denies/accept them, or reaches a timeout.`
intercept RELATED packets We must intercept RELATED packets, not only for intercept protocols like ftp-data, but also to handle connection errors (ICMP errors), like the ones originated when dis/connecting from a wifi network. 2020-07-25 21:48:16 +02:00			`// OUTPUT -t mangle -m conntrack --ctstate NEW,RELATED -j NFQUEUE --queue-num 0 --queue-bypass`
Do not panic if we can't insert fw rules Some systems has the IPV6 protocol disabled, so we failed starting up with the error "Address family not supported by protocol" (#52). Now we don't exist even if we can't insert the needed rules, we'll just log the error. 2020-07-30 01:10:53 +02:00			`func QueueConnections(enable bool, logError bool, qNum int) (err error) {`
			`return RunRule(ADD, enable, logError, []string{`
misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00			`"OUTPUT",`
			`"-t", "mangle",`
			`"-m", "conntrack",`
intercept RELATED packets We must intercept RELATED packets, not only for intercept protocols like ftp-data, but also to handle connection errors (ICMP errors), like the ones originated when dis/connecting from a wifi network. 2020-07-25 21:48:16 +02:00			`"--ctstate", "NEW,RELATED",`
misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00			`"-j", "NFQUEUE",`
Allow to change settings from the UI (1/2) We start receiving notifications from the UI, which allow us to change configurations and perform actions on the daemon. The concept of Node has also been introduced, which identifies every daemon (client) connected to the UI (server). These options has been added: - Enable/Disable firewall interception (for all nodes) - Change daemons (clients) configuration. globally or per node. - Change prompt dialog options. We have fixed some bugs along the way: - Close audit client connection gracefully. - Exclude our own connections from being intercepted. - Better handling of client connection status with the UI. We probably has also introduced some other bugs (not listed here). 2020-04-19 20:13:31 +02:00			`"--queue-num", fmt.Sprintf("%d", qNum),`
misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00			`"--queue-bypass",`
			`})`
			`}`

firewall/rules.go formatted and documented. 2020-03-06 21:28:22 +01:00			`// DropMarked rejects packets marked by OpenSnitch.`
misc: small fix or general refactoring i did not bother commenting 2018-04-10 13:11:39 +02:00			`// OUTPUT -m mark --mark 101285 -j DROP`
Do not panic if we can't insert fw rules Some systems has the IPV6 protocol disabled, so we failed starting up with the error "Address family not supported by protocol" (#52). Now we don't exist even if we can't insert the needed rules, we'll just log the error. 2020-07-30 01:10:53 +02:00			`func DropMarked(enable bool, logError bool) (err error) {`
			`return RunRule(ADD, enable, logError, []string{`
misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00			`"OUTPUT",`
			`"-m", "mark",`
			`"--mark", fmt.Sprintf("%d", DropMark),`
misc: small fix or general refactoring i did not bother commenting 2018-04-10 13:11:39 +02:00			`"-j", "DROP",`
misc: small fix or general refactoring i did not bother commenting 2018-04-02 05:25:32 +02:00			`})`
			`}`
firewall: check rules every 5s Every 5s check if our rules are loaded, and if they aren't, add them again. 2020-02-22 00:27:35 +01:00
firewall/rules.go formatted and documented. 2020-03-06 21:28:22 +01:00			`// AreRulesLoaded checks if the firewall rules are loaded.`
firewall: check rules every 5s Every 5s check if our rules are loaded, and if they aren't, add them again. 2020-02-22 00:27:35 +01:00			`func AreRulesLoaded() bool {`
			`lock.Lock()`
			`defer lock.Unlock()`

			`outDrop, err := core.Exec("iptables", []string{"-L", "OUTPUT"})`
			`if err != nil {`
			`return false`
			`}`
			`outDrop6, err := core.Exec("ip6tables", []string{"-L", "OUTPUT"})`
			`if err != nil {`
			`return false`
			`}`
			`outMangle, err := core.Exec("iptables", []string{"-L", "OUTPUT", "-t", "mangle"})`
			`if err != nil {`
			`return false`
			`}`
			`outMangle6, err := core.Exec("ip6tables", []string{"-L", "OUTPUT", "-t", "mangle"})`
			`if err != nil {`
			`return false`
			`}`

			`return regexRulesQuery.FindString(outMangle) != "" &&`
			`regexRulesQuery.FindString(outMangle6) != "" &&`
			`regexDropQuery.FindString(outDrop) != "" &&`
			`regexDropQuery.FindString(outDrop6) != ""`
			`}`

firewall/rules.go formatted and documented. 2020-03-06 21:28:22 +01:00			`// StartCheckingRules checks periodically if the rules are loaded.`
			`// If they're not, we insert them again.`
firewall: check rules every 5s Every 5s check if our rules are loaded, and if they aren't, add them again. 2020-02-22 00:27:35 +01:00			`func StartCheckingRules(qNum int) {`
			`for {`
			`select {`
			`case <-rulesCheckerChan:`
			`return`
			`case <-rulesChecker.C:`
Fixed DNS responses firewall rule not deleted on exit Sometimes the INPUT rule for to queue DNS responses was not deleted. The code has also been reorganized. And a minor tweak to make an if{} more idiomatic. 2020-02-25 01:30:24 +01:00			`if rules := AreRulesLoaded(); rules == false {`
Do not panic if we can't insert fw rules Some systems has the IPV6 protocol disabled, so we failed starting up with the error "Address family not supported by protocol" (#52). Now we don't exist even if we can't insert the needed rules, we'll just log the error. 2020-07-30 01:10:53 +02:00			`QueueConnections(false, false, qNum)`
			`DropMarked(false, false)`
			`QueueConnections(true, true, qNum)`
			`DropMarked(true, true)`
firewall: check rules every 5s Every 5s check if our rules are loaded, and if they aren't, add them again. 2020-02-22 00:27:35 +01:00			`}`
			`}`
			`}`
			`}`

firewall/rules.go formatted and documented. 2020-03-06 21:28:22 +01:00			`// StopCheckingRules stops checking if the firewall rules are loaded.`
firewall: check rules every 5s Every 5s check if our rules are loaded, and if they aren't, add them again. 2020-02-22 00:27:35 +01:00			`func StopCheckingRules() {`
			`rulesCheckerChan <- true`
			`}`
Allow to change settings from the UI (1/2) We start receiving notifications from the UI, which allow us to change configurations and perform actions on the daemon. The concept of Node has also been introduced, which identifies every daemon (client) connected to the UI (server). These options has been added: - Enable/Disable firewall interception (for all nodes) - Change daemons (clients) configuration. globally or per node. - Change prompt dialog options. We have fixed some bugs along the way: - Close audit client connection gracefully. - Exclude our own connections from being intercepted. - Better handling of client connection status with the UI. We probably has also introduced some other bugs (not listed here). 2020-04-19 20:13:31 +02:00
			`// IsRunning returns if the firewall rules are loaded or not.`
			`func IsRunning() bool {`
			`return running`
			`}`

			`// Stop deletes the firewall rules, allowing network traffic.`
			`func Stop(qNum *int) {`
			`if running == false {`
			`return`
			`}`
			`if qNum != nil {`
			`queueNum = *qNum`
			`}`

			`StopCheckingRules()`
Do not panic if we can't insert fw rules Some systems has the IPV6 protocol disabled, so we failed starting up with the error "Address family not supported by protocol" (#52). Now we don't exist even if we can't insert the needed rules, we'll just log the error. 2020-07-30 01:10:53 +02:00			`QueueDNSResponses(false, true, queueNum)`
			`QueueConnections(false, true, queueNum)`
			`DropMarked(false, true)`
Allow to change settings from the UI (1/2) We start receiving notifications from the UI, which allow us to change configurations and perform actions on the daemon. The concept of Node has also been introduced, which identifies every daemon (client) connected to the UI (server). These options has been added: - Enable/Disable firewall interception (for all nodes) - Change daemons (clients) configuration. globally or per node. - Change prompt dialog options. We have fixed some bugs along the way: - Close audit client connection gracefully. - Exclude our own connections from being intercepted. - Better handling of client connection status with the UI. We probably has also introduced some other bugs (not listed here). 2020-04-19 20:13:31 +02:00
			`running = false`
			`}`

			`// Init inserts the firewall rules.`
			`func Init(qNum *int) {`
			`if running {`
			`return`
			`}`
			`if qNum != nil {`
			`queueNum = *qNum`
			`}`

Do not panic if we can't insert fw rules Some systems has the IPV6 protocol disabled, so we failed starting up with the error "Address family not supported by protocol" (#52). Now we don't exist even if we can't insert the needed rules, we'll just log the error. 2020-07-30 01:10:53 +02:00			`if err := QueueDNSResponses(true, true, queueNum); err != nil {`
			`log.Error("Error while running DNS firewall rule: %s", err)`
			`} else if err = QueueConnections(true, true, queueNum); err != nil {`
			`log.Error("Error while running conntrack firewall rule: %s", err)`
			`} else if err = DropMarked(true, true); err != nil {`
			`log.Error("Error while running drop firewall rule: %s", err)`
Allow to change settings from the UI (1/2) We start receiving notifications from the UI, which allow us to change configurations and perform actions on the daemon. The concept of Node has also been introduced, which identifies every daemon (client) connected to the UI (server). These options has been added: - Enable/Disable firewall interception (for all nodes) - Change daemons (clients) configuration. globally or per node. - Change prompt dialog options. We have fixed some bugs along the way: - Close audit client connection gracefully. - Exclude our own connections from being intercepted. - Better handling of client connection status with the UI. We probably has also introduced some other bugs (not listed here). 2020-04-19 20:13:31 +02:00			`}`
			`go StartCheckingRules(queueNum)`

			`running = true`
			`}`