At this point in fireBwall’s development, we are keeping its footprint on the computer light. Once we have a more solidified plan for how we are going to manage things other than just packets at the NDIS layer, we will move into a more “official” position. This would include installing as a service, registering with the security center, and disabling the Windows firewall. We are waiting for the next release for ICMPv6, as the enabling of IPv6 came at the end of our release cycle, and ICMPv6 does so much more than ICMP did. For example, we need to make a module for dealing with NDP, which replaces ARP in IPv6. Now, someone had the genius idea to make a protocol for resolving MAC to IP relations based on IPv6 communication. I feel this is an extremely insecure method, and we want to put forth a strong effort to make sure that NDP poisoning doesn’t turn out like ARP poisoning. The IPv6 filtering that is in place actually, for the most part, comes in behind the scenes. Before, IPv6 went unprocessed, but now if you block port 80 incoming, it will block IPv6 addresses from connecting to port 80. The same goes for blocking specific IPs: you can input an IPv6 address for BasicFirewall rules that take IP addresses. As for the future plans, we are kind of still trying to figure out where we want to put our eggs. In the Windows version, we are understaffed, and have 0 funding. We are hoping that will change soon.
The Linux version will have similar principles to it, but do not expect the same thing.
For big next steps for fireBwall, we are trying to pick one of the following to focus on, because our development team right now is two people, including myself, who are both in school and working a job: developing our own driver, per-application filtering with possible sandboxing, an easier way to update and distribute modules, and developing a good method for IPC for changes even further in the future. Right now, while we are in this undecided phase for big changes, we are improving what’s there. ICMPv6 is being filled out, but doing something like “Block all ICMPv6” won’t really make sense since it hosts NDP, so we’ll be coming up with an innovative solution to both NDP poisoning and being able to filter ICMPv6 without crippling network communication.
I’d also like to remind people, it’s not difficult to develop a module, and we will host your module for free. On firebwall.com you can submit your module, and you will get full credit. There is a tutorial on the Google Code page, and we are always available by email or on the IRC for any questions you may have regarding module development.
Sorry if I’m ranting, it’s been a long day, and we are waiting on word of funding and more developers. I’d like to thank Comodo for letting us post here, and if they feel like contacting me directly, I’m welcome to it.
-Brian W.
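
The post's point that "Block all ICMPv6" would also block NDP can be made concrete with a type-aware filter. The sketch below is an added example, not fireBwall code and not written by the post's author: `filter_icmpv6` and `build_packet` are hypothetical names, the sample packets are constructed, and the policy is an assumption (allow NDP only when it passes the RFC 4861 hop-limit and code checks, allow ICMPv6 error messages, drop the rest).

```python
import struct

ICMPV6 = 58  # IPv6 Next Header value for ICMPv6
# ICMPv6 types that carry Neighbor Discovery (RFC 4861)
NDP_TYPES = {133: "router solicitation", 134: "router advertisement",
             135: "neighbor solicitation", 136: "neighbor advertisement",
             137: "redirect"}
# ICMPv6 error messages (RFC 4443); type 2, Packet Too Big, drives path MTU discovery
ERROR_TYPES = {1, 2, 3, 4}

def filter_icmpv6(packet: bytes, block_other_icmpv6: bool = True) -> str:
    """Hypothetical policy: return 'allow', 'drop' or 'not-icmpv6' for a raw
    IPv6 packet. Extension headers and the ICMPv6 checksum are not handled."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "drop"                      # truncated or not IPv6
    next_header, hop_limit = packet[6], packet[7]
    if next_header != ICMPV6:
        return "not-icmpv6"                # leave to the port/IP rules
    if len(packet) < 44:
        return "drop"                      # no room for an ICMPv6 header
    icmp_type, icmp_code = packet[40], packet[41]
    if icmp_type in NDP_TYPES:
        # RFC 4861 receivers discard NDP unless hop limit is 255 and code is 0,
        # which rejects anything that crossed a router. On-link spoofing still
        # passes this check.
        return "allow" if hop_limit == 255 and icmp_code == 0 else "drop"
    if icmp_type in ERROR_TYPES:
        return "allow"
    return "drop" if block_other_icmpv6 else "allow"

def build_packet(icmp_type: int, hop_limit: int, code: int = 0,
                 next_header: int = ICMPV6) -> bytes:
    """Constructed sample packet: fe80::1 -> fe80::2, 4-byte payload."""
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("fe80" + "00" * 13 + "02")
    header = struct.pack("!IHBB", 6 << 28, 4, next_header, hop_limit)
    return header + src + dst + bytes([icmp_type, code, 0, 0])

if __name__ == "__main__":
    for label, pkt in [("NS, hop limit 255", build_packet(135, 255)),
                       ("NS, hop limit 64", build_packet(135, 64)),
                       ("echo request", build_packet(128, 64)),
                       ("packet too big", build_packet(2, 64))]:
        print(f"{label:20} -> {filter_icmpv6(pkt)}")
```

The hop-limit check only excludes NDP messages forwarded from off-link; a host on the same segment can still send spoofed advertisements, which is the poisoning case the post describes.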