subgraph-os-issues icon indicating copy to clipboard operation
subgraph-os-issues copied to clipboard

Published 20 hours ago verified publisher icon subgraph

Dependencies for fw-daemon and install in Debian 9

Open Zerokami opened this issue 6 years ago • 3 comments

I'm trying to convert Debian 9 template in Qubes OS into a subgraph template.

I tried to install fw-daemon_0.0.4-2_amd64.deb from https://devrepo.subgraph.com/subgraph/pool/main/f/fw-daemon/

But I'm now unable to access the internet from that template. Are there any extra dependencies that need to be installed?

If I open fw-settings I see no apps or settings except the tabs that are supposed to be there.

Zerokami avatar Mar 30 '18 01:03 Zerokami

I have a similar problem. I've tried to install fw-daemon on Debian 9.3/9.4 and it seem it doesn't work, because no prompts appear to ask the user to take an action on new connections and no marks are applied to the packets.

We have to wait for a response from the developers, but for now you can:

  • Remove the iptables rules that push packets to the fw-daemon queue to be filtered (at every boot): iptables -t mangle -D OUTPUT -m conntrack --ctstate NEW -j NFQUEUE --queue-num 0 --queue-bypass iptables -t filter -D INPUT -p udp -m udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass

  • or stop fw-daemon: sudo systemctl stop fw-daemon

taonik avatar Apr 02 '18 03:04 taonik

As mentioned in a few other issues, there is a GTK GUI in the branches that we haven't integrated yet.

I am going to tag this issue as help wanted. Getting it to work in Debian with the GNOME shell prompts shouldn't be that difficult. An adventurous person could build fw-daemon from the shw-* branches if they want to experiment with the GTK GUI and identify any issues. Building a text GUI/TUI to handle prompts isn't on our roadmap but that is a project that somebody could take up. On our side, we don't have a lot of time to devote to these issues. We will likely be doing unrelated work on fw-daemon at some point but we cannot say when this will be.

mckinney-subgraph avatar Apr 02 '18 22:04 mckinney-subgraph

@mckinney-subgraph thanks for your quick answer. I've initially thought too that get fw-daemon to work on Debian with the GNOME shell would have been super easy, but it seems that things are more complicated. I can't understand why in Subgraph OS it works fine while in Debian not, since all packages (apps and configs), including subgraph-desktop-gnome should be in the 'aaron' repo and so there shouldn't be any problems in Debian.

In these days I'll try to build fw-daemon from the shw-* branches as you suggests and provide you with some logs.

taonik avatar Apr 03 '18 15:04 taonik