Cute Guarddog


"Protecting your computer with a cute little dog."


by Simon Edwards < >


11 March, 2007 - Stable version 2.6.0 is now available for download. It doesn't contain any significant changes from 2.5.1. Enjoy. - SBE

30 November, 2006 - I've been busy with other projects (like Guidance, Kubuntu and Python+Qt+KDE) for a long time now. And in that time I've received a fairly constant flow of patches, additions, translations etc for Guarddog. Even though I've been busy, it would be shame to let the work and contributions from the community be wasted. So, in the last few days I've finally put in the hours to gather up the material that has been sent in and turn it into a development release. With my excuses out of the way, it is time to announce...

Development version 2.5.1 is available to download. The biggest visible change is the addition of the "Port reference" tab. This extra functionality was contributed by Ray Lambert. (And I polished it just a tiny little bit). There are also some extra translations contributed by numerous people. The change log is here BTW. Thanks go to everyone for their contributions and patience. Questions and bug reports can best be placed on the mailing list. It has been a long time since I've had enough time to individually answer and help people set up Guarddog, sorry.

Now, on to the future. Guarddog is currently based on KDE 3 and Qt 3. Qt 4 has been out for quite a while already (about a year), and the KDE juggernaut is also moving along towards KDE 4. Although Guarddog hasn't been updated much lately, it is certainly not ready for retirement. In fact I've been thinking about porting it soon to Qt 4 / KDE 4, and opening up the development more by using a source code repository (like KDE's subversion repository) that other people could work on if they wanted to. As a matter of fact, I've already got a basic (read: incomplete) port of Guidedog to Qt 4 and Python.


13 August, 2005 - Development version 2.5.0 is available to download. It contains a fair few more translations and also an important change to the ICQ support. If you are using ICQ you will need to configure your ICQ client to listen on TCP ports 3900-3999. More details can be found in the change log - SBE

4 April, 2005 - The Mandrake RPM has been updated to fix that annoying bug where Guarddog won't be installed correctly and run at boot time. Thanks go to Rolf Pedersen and everyone else who has mentioned this problem. - SBE

1 March, 2005 - Added RPMs for Fedora 3 added to the download area. Thanks go to Gunner Poulsen. - SBE

19 December, 2004 - Added a RPM for SuSE 9.1 thanks to Lumir Vanek.

Tom Verbreyt of KDE-NL has also translated the first half of the Guarddog manual into Dutch. It can be read online here. - SBE

16 December, 2004 - Stable version 2.4 is now available for download. No major changes since the last development version. Look in the change log for more information about all of the changes since the 2.2 stable version. - SBE

12 December, 2004 - Updated the screenshots. Now with the Plastik theme. The old screenshots look like they were from KDE 2. - SBE

2 August, 2004 - Development version 2.3.2 is finally out and fixes a few long outstanding bugs. Sorry about that, I've been busy with a million other thing the last months. - SBE

19 April, 2004 - Paul Cupis has set up a Debian repository for Guarddog 2.3.0 for pure Debian Woody (KDE2.2) available at

Gunner Poulsen has also supplied packages for Fedora Core 1, available in the download section.


14 March, 2004 - Benoit Mortier has setup a repository with guarddog 2.2 and guiddog 0.9.1 for Debian Woody. - SBE

8 March, 2004 - Development version 2.3.1 is available. It adds a couple more protocols and should also work a bit better on 2.6 kernels. - SBE

3 January, 2004 - Development version 2.3.0 is available. This release adds a couple of highly requested features. Thanks go out to all who have submitted patches and such. All I have done is collected everything, put it together and stamped my name on the lot. ;-)

And yes everyone, is gone. If anyone has Guarddog packages and they are not on this page, then send me an email. - SBE

17 November, 2003 - also have Guarddog packages available for some other distributions such as SuSE. - SBE

29 September, 2003 - A new bug fixed RPM for Mandrake is available in the download section. It fixes a bad bug in the RPM itself that could leave your machine unprotected. Before installing this RPM, first uninstall any previous version of Guarddog. Do not do a RPM upgrade. - SBE

29 August, 2003 - Red Hat 9 RPMs for Guarddog 2.2.0 have arrived thanks to Gunner Poulsen. - SBE

26 August, 2003 - Stable 2.2.0 is out, RPMs for Mandrake 9.1 are also available. Support for other distributions is likely to appear over the next few weeks. No great changes since the last development version just added an update to the Danish translation. Major changes since 2.0.0:

Enjoy. - SBE

17 August, 2003 - Redhat 9 RPMs for 2.1.8 are available for download. Thanks to Gunner Poulsen. - SBE

17 August, 2003 - Release canidate version 2.1.8 is out. Unless something shows up in the testing of this version, it will be renamed and become the new stable version. So if anything is wrong or out of place, then let me know. - SBE

11 August, 2003 - Development version 2.1.7 is out. It contains some small bug fixes, plus French and Italian translations. I've also made a few remaining strings translatable. So any translators might want to check that thier .po file is up to date. - SBE

23 July, 2003 - Development version 2.1.6 is out. Small changes and updates to the documentation and translation. The changelog is here. This can be considered Release Canidate quality, I mean a real RC. If nothing shows up I'll rename this version and release it as the new stable. - SBE

17 July, 2003 - The Mandrake RPM of 2.1.5 had an incorrect dependance on If you tried installing it and got some error about blah blah, then try the new RPM. - SBE

28 June, 2003 - Development version 2.1.5 is out. No major changes, a new stable 2.2 should be coming soon. The changelog is here. - SBE

24 June, 2003 - RedHat RPMs of the current development version of Guarddog are now available (thanks to Gunner Poulsen) - SBE

3 June, 2003 - Due to building demand I've made a description of the network protocol XML file that Guarddog uses available in the development section. - SBE

22 May, 2003 - Maciek Plewa has contribued RedHat 9.0 RPMs for Guarddog 2.0.0. Get 'em here. - SBE

2 May, 2003 - Back from the dead. Last Tuesday some extremely uncool person hacked the server hosting this website - and probably a heap of other websites - and basically trashed it. I don't have much in the way of details myself, the server is run by a 3rd party hosting company, but this site has been off the air since Tuesday, including my email too. Anyway, we're up on a new server now and the DNS change should be sorting itself out pretty soon too. I have no reason to believe that the attack was directed against this particular site and I've also checked the files that were restored from backup. Everything appears to be in order. Ironically, the absence of email an mailing lists gave me some time to do some hacking of my own. (Python and Qt is a match made in heaven! ;-) ) - SBE

29 April, 2003 - Development version 2.1.4 is out. Some more protocols have been added, also some minor bugs have been squashed. Guarddog's "packet IP address to zone" matching code has been tweaked a bit. It now uses a "best fit" approach. The changelog is here. - SBE

25 March, 2003 - Development version 2.1.3 is out. Added some more protocols, tweaked some others. The changelog is here. - SBE

12 March, 2003 - The Guarddog mailing list is now being archived over at There you can browse and search all of the previous messages. Thanks to Lars Magne Ingebrigtsen, Tom Koelman and the rest at! - SBE

2 March, 2003 - Development version 2.1.2 is available, and I've actually bothered to smoke test this one. ;-) Some requested protocols have been added, plus some fixes, and it should also play a bit better with IPSEC. Details in the log - SBE

15 February, 2003 - Development version 2.1.1 is available now. No really big changes, just some more fixes. Details in the log. - SBE

17 December, 2002 - Vacation! I'm going off on a longish vacation until mid-febuary 2003. This means I'll be away from email and computers for a while. Do try the mailing list if have questions about Guarddog. I won't be there but with a bit of luck someone on the list might be able to help you. Happy Holidays. - SBE

29 October, 2002 - A mailing list for Guarddog users is now available. People wanting help with using Guarddog are invited to use this list instead of emailing me directly. - SBE

24 October, 2002 - Redhat RPMs of development version 2.1.0 are available. Thanks Matt. - SBE

20 October, 2002 - Development version 2.1.0 is available now. It adds a bunch of new protocols (thanks to those who helped with these) and the possibility to specify multiple DHCP interfaces (separate interface names with a comma). So please, if you are feeling brave, try it out and let me know what breaks. More detail is in the changelog. - SBE

8 October, 2002 - RedHat 8 RPMs. Get them here. Thanks Matthew Schick. Matt also has an apt repository for RedHat 8.0:

rpm pub/apt/redhat/8.0/en/i386 os updates freshrpms mattrpms
rpm-src /pub/apt/redhat/8.0/en/i386 os updates freshrpms mattrpms


29 September, 2002 - Continuing the great trend of no two Mandrake releases being fully compatible with each other, I present RPMs for Mandrake 9. Now available for download thanks to Maciej Plewa who compilied them up. Seriously though, I just installed Mandrake 9 and am rather impressed. I just hope that they don't have to break binary compatibility for a (long) while. - SBE

17 July, 2002 - RPMs for SuSE 7.2 with KDE 2 or 3 are now available thanks to Adam Kreuschner. - SBE

9 July, 2002 - Redhat 7.2 and 7.3 RPMs for Guarddog 2.0.0 have been contributed by Matthew Schick. Matthew has also set up an apt repository containing Guarddog 2.0.0.

rpm pub/apt/redhat/7.3/en/i386 mattrpms
rpm-src /pub/apt/redhat/7.3/en/i386 mattrpms

rpm pub/apt/redhat/7.2/en/i386 mattrpms
rpm-src /pub/apt/redhat/7.2/en/i386 mattrpms


9 July, 2002 - Version 2.0.0 is here finally. No big changes since the last release candidate. RPMs for the Mandrake are available right now, and RPMs for other distributions are likely to follow quickly. A big thanks to everyone who has helped out with development. Enjoy. - SBE

3 July, 2002 - 1.9.16 RPM for RedHat 7.2 is in the download section, thanks to Gunner Poulsen. - SBE

28 June, 2002 - I've put up RPMs for stock Mandrake 8.2 (KDE 2) and also ones for Mandrake 8.1 - SBE

21 June, 2002 - There is a small bug in 1.9.16 that I released yesterday, that stops it from compiling on Qt2 (read: KDE 2) systems. For those who can't wait, the fix is quite easy. After unpacking the tar ball, open up the guarddog/protocoldb.cpp file go to line 315 and change the word 'size' to 'count'. It should look like this:

for(i=0; i<languages.count(); i++) {

Now you should be able to compile. Sorry for the inconvenience, my KDE 2 machine is off-line at the moment which has made testing a bit tricky.

RPMs for KDE 3 on RedHat and SuSE are now in the download section too. - SBE

20 June, 2002 - Development version 1.9.16 is out. There are quite a lot of bugs fixes in this release, including some important ones. See the changelog for the details. Right now there are only RPMs for Mandrake with KDE3 available. Some translations for the program text have also been contributed, although right now they don't appear to be working. (I can't get Guarddog to use them). This is one of the few remaining issues before 2.0 can be released).

This version can also be considered a Release Candidate. Enjoy. - SBE

25 May, 2002 - Gunner Poulsen has written a tutorial in Danish describing how to set up a Linux machine to act as a router using Guarddog and Guidedog. -SBE

20 May, 2002 - The RPMs for SuSE have been updated. These ones fix a bad dependency in the RPM files which for some people may result in the RPM program complaining about a missing file or something.

iptables 1.2.6a - Is anyone using Guarddog with this version of iptables? Is it working ok? Mail me. - SBE

7 May, 2002 - I've made RPMs for Mandrake 8.2 with KDE 2. I haven't tested them out, but they should work ok. BTW, I'll be away on holidays next next week, so don't expect mail replies after Friday.

I assume everyone is aware of the news coverage of Guarddog over at The Dot.

Update: I was busy uploading my new RPMs when Matthew Schick send me RPMs for the recently release RedHat 7.3. Thanks Matt. Everything is in the download section.


30 April, 2002 - RPMs of development version 1.9.15 for Redhat and SuSE are now in the download section. The SuSE RPMs come in two flavours, one for KDE 2, and another for people who have installed KDE 3. Thanks to Matthew Schick and Adam Kreuschner. - SBE

28 April, 2002 - Development version 1.9.15 is out. Minor fixes and additions. RPMs for Mandrake 8.1, and Mandrake 8.2 with KDE 3, are currently available along with the usual tar ball of course. This version can be considered a Release Candidate. Yes, I can also most smell version 20 from here. - SBE

12 April, 2002 - Just some tips on compiling Guarddog for KDE3. I recently installed KDE3 on my Mandrake 8.2 machine alongside KDE2. To get it to compile I had to tell configure which Qt library to use.

./configure --with-qt-dir=/usr/lib/qt3/ --enable-mt

Also, at least for me, Qt 3 is actually the multithreaded version, so I also added --enable-mt so that configure would use the correct Qt 3 library when compiling. After that configure was happy, and make too. I haven't tried installing and running yet. :-) - SBE

10 April, 2002 - RPMs for Mandrake 8.2 are now here. Special thanks to David Grant, who made a good attempt at making some 8.2 RPMs before I managed to get and install 8.2.

Also thanks and cheers to Mandrake. Version 8.2 is working very well, has been bug free and best of all, all my hardware was automagically found and setup correctly. :-) Now, on to KDE3... - SBE

2 April, 2002 - RPMs for Redhat and SuSE are now in the download section. Thanks to Matthew Schick and Adam Kreuschner again. - SBE

1 April, 2002 - Development version 1.9.14 has been released, containing some more minor fixes and the addition of some more protocols. I hope to be releasing a Release Candidate, real soon.

Also, has anyone been able to use xdm or kdm and X with the -indirect flag to find available login hosts on a network?


21 March, 2002 - Updated the testing section with info mainly from Gene March, Tim Underwood. Thanks guys. I've also updated the manual for Guarddog 2. Do take a look at it. - SBE

14 March, 2002 - Updated the testing section. Please people, go to the testing page and email me about what you have working. Don't be shy. It's the best way you can help move Guarddog to version 2.0. - SBE

12 March, 2002 - RPMs for Redhat and SuSE are now in the download section. Thanks to Matthew Schick and Adam Kreuschner. - SBE

8 March, 2002 - Development version 1.9.13 is out. There was a problem with the previous release that caused ugly XML parse errors to appear when Guarddog is started. I don't know what happened, the XML file in the archive was corrupt but the master copy was not (i.e. I didn't have to fix it in any way). Sorry for the trouble people. Thanks to all who send bugs reports, hunches, detailed error messages, windowshots, screenshots, directions to fix the bug, patchs, fixed new tar balls, sets of fixed RPM files, or all of the above. =) - SBE

7 March, 2002 - Development version 1.9.12 is out. Some more bug fixes, and support for CDDB, MSN Messenger, VNC and PPTP has been added. Please test things out and report things back to me.

Update: Matthew Schick has provided Redhat 7.2 RPMs for 1.9.12, in record time might I add too.


1 March, 2002 - The new manual for Guarddog 2 is now mostly complete; all three tutorials and now reference sections have been written. You can view it now online. - SBE

22 February, 2002 - RPMs for Redhat 7.2 and SuSE 7.2/7.3 are now available for download. Thanks to Matthew Schick and Adam Kreuschner for that.

Also I just want to say hello to all the people how went to FOSDEM last weekend, and thanks to the organisers. It was a great conference/meeting.


21 February, 2002 - Development version 1.9.11 is out. There are quite a few important bug fixes and initial support for Telstra's BigPond Cable in Australia. As always go read the changelog for the full details. - SBE

18 January, 2002 - Redhat 7.2 RPMs are now available for development version 1.9.10. Thanks again to Matthew Schick. - SBE

17 January, 2002 - Development version 1.9.10 has been released. It is Beta quality, which means brave people are encouraged to download and try it out and report any problems (or sucesses!). Actually I've gone a bit further than that and have set up a testing page with detailed directions on what you can do to help test Guarddog and make sure that it is secure and trustworthy. It's not too hard and any contribution would be greatly appreciated by all Guarddog users. There is also a "scoreboard" on the testing page which shows the current state of each protocol supported by Guarddog. The scoreboard will naturally be updated as I receive information and feedback.

I've also freshened up the screenshots too.

An update on when 2.0 is due. It basically depends on how the testing goes and how long it takes for me to finish writing the manual and documenting the protocol help. I've never done any testing in quite this way before. So I don't know what to expect.


23 December, 2001 - Redhat 7.2 RPMs are now available for development version 1.9.9. Thanks to Matthew Schick again. - SBE

20 December, 2001 - Development version 1.9.9 is out. More bug fixes including some very important fixes for ipchains support. It had been broken for a while now. I guess no one uses ipchains these days. (Good to hear really). - SBE

3 December, 2001 - Redhat 7.2 RPMs are now available for development version 1.9.8. Thanks to Matthew Schick. - SBE

29 November, 2001 - Development version 1.9.8 is now out. This fixes a nasty bug (described below), and a few other bugs. - SBE

27 November, 2001 - YOUR ATTENTION PLEASE!!! I just discovered a bug in the current development version 1.9.7 where the generated firewall script may cause your machine to appear to hang at boot time. This has happened to me using Mandrake 8.1. If you machine is booting and stops around "Enabling swap space" and just sits there, press Control-D. It should then continue to and boot normally. Once it has booted you can uninstall Guarddog and delete your /etc/rc.firewall file. Now your machine should be able to boot normally again. I'll put a fixed dev version up here soon. Sorry about that people.

(For the curious, the problem is the use of 'exit' in the generated firewall script. 'exit' should be replaced with /bin/true or /bin/false.)- SBE

19 November, 2001 - Development version 1.9.7 has been released. Quite a few bug fixes and also DHCP and NFS should be working, go check the change log. The README file in the tar ball has been updated, so please make sure you read/reread it. - SBE

9 November, 2001 - The first development version of Guidedog has been released. It will interest anyone wanting packet forwarding (routing) and IP masquerade. It compliments Guarddog nicely.

I've also written a third tutorial explaining how to use Guarddog along with Guidedog to firewall a LAN. - SBE

26 October, 2001 - If you are using SuSE 7.2 (and maybe other distros/versions) and you try to install Guarddog from source and you get an error message like "Unable to open the network protocol database XML file", instead of just using "make install" as the last step, try:

make install prefix=/opt/kde2/

(If you have already installed Guarddog, go to the source tree and do a "make uninstall" to remove the installed files, and then do "make install prefix=/opt/kde2/"). Some distributions install KDE2 in wierd places. This advice may work on other distobutions too, but you may have to substitute "/opt/kde2/" with where ever KDE2 was installed. I guess now you people are going to ask me how to work out where KDE2 is installed. One possible way is to run this in a Konsole:

which konqueror

One my machine this displays "/usr/bin/konqueror", therefore "/usr" is where KDE2 is installed and is what I should use when installing on my machine.

BTW, I'm also going away on a little holiday, so don't expect to see any reply email for a week. When I get back I hope to quickly release the first development version of Guidedog, which should help shut up the people who like to beg me for routing and NAT support. ;-) (soon it will be easy people) - SBE

19 October, 2001 - I've upgraded my machines here to Mandrake 8.1 and it appears that the Guarddog development version 1.9.6 Mandrake RPM works fine on 8.1.

BTW, while upgrading I've managed to loose my private GPG key. grrr... So please no encrypted mail until I get another key up and happening. - SBE

10 October, 2001 - I've (finally) put up a draft of the second tutorial covering the use of Zones in Guarddog 2. Go have a read of it. The other tutorial is here.

If anyone is installing the development Guarddog version on thier machine and does something other than "configure, make, make install" to get Guarddog 2 working, could you please send me an email explaining which Linux distribution and version of KDE you are using, and also what you had to do to get Guarddog working. Some people are having trouble getting Guarddog working on Debian and SuSE. - SBE

28 September, 2001 - Development version 1.9.6 released. Featuring mainly bug fixes and some more protocols. Go to the changelog for more info. Download it, try it out and flame me when it doesn't work. ;-)

Some other good news. In the last 4 weeks I've purchased and put together a second machine for the lab. This will make it much easier for me to test out, stress test, and generally debug Guarddog.

I've removed all the old out dated development files and RPMs from this site. If anyone wants Redhat RPMs; send me some Redhat CDROMs and I'll install it and make Redhat RPMs. Some goes for other Linux distrobutions. Unfortunately downloading it isn't practical for me at the moment.

Anyway, development is moving forward, even though the pace feels a bit slower than what I would like. I'll try to release a bit more frequently. - SBE

29 August, 2001 - Development version 1.9.5 released. This time many bug fixes and also the ability to Import/Export firewall scripts for use on other machines, and you can now get more detailed info in the help on the Protocol tab. - SBE

17 August, 2001 - The ICQ support in the current development version (1.9.4) is a bit buggy, in fact it'll completely open your firewall. DO NOT ENABLE ICQ! Wait until the next development release where this is fixed. Thanks to Con Kolivas for that one. - SBE

12 August, 2001 - Development version 1.9.4 released featuring some bug fixes and radically improved firewall starting GUI. i.e. no more konsole. Go check out the new screenshot.

This version is theoretically feature complete. Unless something really bad is discovered, I will move the project into a kind of beta testing phase soon.

If there is anyone in the Nijmegen area who wants to sell a computer, email me. I'm looking for a second machine to use for development and testing. (Something like a Celeron 300 class machine).


19 July, 2001 - Just a note to say that I'm going off on holidays for two weeks and will be away from email. Happy vaction to everyone in the Northern hemisphere, and to the rest; Get back to work dammit!- SBE

14 July, 2001 - I've been spending some time working on the manual for Guarddog (*gasp!*) and have put a first draft of the first tutorial covering Basic Configuration up on the site. I strongly recommend that everyone read it or at the very least browse through it. More advanced tutorials will be coming in the future. - SBE

11 July, 2001 - There are new 1.9.3 RPMs for RedHat 7.0 in the download section. Thanks again to Per Larsson. - SBE

9 July, 2001 - Development version 1.9.3 released. Please note that this version is not compatible with the last development version. If you start it up and it complains about a problem in the config file and some "CONNECTED=?" stuff, just click through and re-enter your firewall info. This development version features a much needed clean up of the GUI. The screenshots have been updated so go have a look. Also some bugs have been fixed and it is now possible to specify which zones are connected to each other.

I intend to spend some time working on the Guarddog manual. I'll (re)write the tutorials first and put them up on the web site so that you people can get some ideas about what it is you are supposed to do with Guarddog. I also plan to write about using Guarddog on a router/gateway machine and also about using IP masquerade with Guarddog on Linux kernel 2.4 machines. Yes it is possible.

Finally, the download section now has RPMs for RedHat 7.0 kindly provided by Per Larsson. They are version 1.9.2, but hopefully will be fixed soon. ;-) I don't know if they will work on other RedHat versions.

One last thing. Is there much demand for a mailing list?


16 June, 2001 - There is a new Mandrake RPM in the download section. It should install fine without demanding some stuff. Thanks to those who reported that. - SBE

15 June, 2001 - It has just come to my attention that there is a problem with the Mandrake RPM concerning dependances and The source RPM and tar ball should be fine. More info and maybe a better RPM once I've had time to investigate. - SBE

14 June, 2001 - Development version 1.9.2 released. Kernel 2.4 netfilter/iptables is now supported along side older ipchains. The iptables support includes the new stateful connection tracking features and also advanced logging with rate limiting and also warning messages when rate limiting is being applied. Also the zones now accept domain names as addresses and not just IP addresses.

An RPM for Mandrake 8 is now in the download section. The RPM will only work on Mandrake 8. When I get time I intend to install Mandrake 7.2 on another partition and make and test an RPM for Mandrake 7.2 with ipchains.

Guarddog is getting much closer to 2.0. I don't expect any more big changes. This means you are invited to hammer on the Guarddog firewall and let me know what happens. Really test it out.

After having gotten to know netfilter and iptables I can say that 'they' have done an amazing job on the new packet filtering system in Linux kernel 2.4. It's much more powerful while at the same time being much much simplier to use. It now allows for the creation of very tight firewalls can will also detect and block many more types of stealth scan and other attacks. iptables is also much easier to use (at least for me!), especially now that packet fitlering and packet mangling (read: NAT/ip masquerade) have been cleanly separated. If you have a machine in use as a router or firewall I can strong recommend an upgrade to Linux kernel 2.4, the new networking really is that much better.

Having said that, I've had some thoughts about things like NAT/IP masquerade support in Guarddog. Earlier Linux kernels that ran on ipchains and its ancestors unnaturally mixed firewalling and packet mangling like NAT all together in one big blob. Basically, you couldn't develop a firewall and set up NAT seperately, you had to do it in the same place at the same time. Now that restriction is gone in kernel 2.4 and I intend to take advantage of it in Guarddog. I've decided to *not* add any direct NAT/IP masquerade support to Guarddog. This means no Guarddog and NAT/IP masquerade on older kernel 2.2 systems. For kernel 2.4 systems this means you can use Guarddog as your firewall, but you have to use an external script or utility to turn on and configure NAT/IP masquerade. The good news is that thanks to the separation of packet fitlering and packet mangling in 2.4, a script to turn on and configure NAT/IP masquerade should be smaller than this paragraph. Guarddog will happily filter and firewall packets reguardless of whether they are going to/from the machine or are just being routed through it. I intend Guarddog to be a firewall and not a general purpose packet mangler. If I had the time and need I would write a dedicated user friendly app for setting up IP masquerade, port forwarding and other packet mangling features. Unfortunately I don't have the resources to develop and test such a tool.


23 May, 2001 - I lost mail last week between Tuesday 15 to Sunday 20. If you sent anything important around then and haven't recieved a reply then just resend. - SBE

9 May, 2001 - Development version 1.9.1 is now in the download section. The ability to mark a protocol to be rejected by the firewall was added. (Rejecting a protocol is like blocking it as normal but it also informs the source that the packet was blocked). You can now specify "User Defined Protocols" which will then show up in on the protocol page. This makes it possible to open up specific ports and generally drill holes through your firewall when you need to. Go check out the added screenshots too.

People please note that Guarddog version 1.0 or 1.9.x currently does not support the 2.4 series of the Linux kernel. I *still* haven't been able to get Mandrake 8 CDs that work and install. Once that is done I'll be testing and making sure Guarddog does work correctly with Linux 2.4. For now Guarddog 1.0 may or may not work fine on 2.4, but I have not tested this myself. So lacking any other information assume that it is *not* safe for use on 2.4 systems. Support for 2.4 kernels is definately planned for the next major Guarddog version. More info when I have it. - SBE

14 April, 2001 - It may be April now, but that doesn't mean I haven't been busy since January. Development version 1.9.0 is now in the download section. It's the first development release on the road to Guarddog 2.0 in which I hope to support a whole new bunch of requested goodies. More info is in the Change Log. - SBE

17 January, 2001 - Whooh! Stop the presses! If you downloaded the 1.0.0 release before this message was here, then uninstall it, delete it from your system and download it again. There was a slight problem with the original 1.0.0 that I uploaded here. Sorry. - SBE

17 January, 2001 - 1.0.0 release. Only a few additions have been made to the documentation, but everything is in good enough condition that I can call this 1.0.0. :-) Also go visit Watchdog my firewall monitor that is currently in development. - SBE

22 December, 2000 - 0.9.5 release. Generated firewalls now setup the kernel networking protection. Generated firewalls are now tighter, only opening the Local Port range instead of all non-privileged ports where appropriate. Added option to always Reject Auth requests. (This can speed up POP connections). - SBE

30 November, 2000 - 0.9.4 release. Small fix for ISDN users. (Thanks to Joerg Buchland). - SBE

22 November, 2000 - 0.9.3 release. Now requires KDE 2. Most of the GUI code has been rewritten for KDE 2. GUI has also been cleaned up somewhat. (Go check out the new screenshots below). It also attempts to automatically identify which interface is being used to access the net. (Thanks to J. F. Gratton). Added an option to completely disable the firewall.

This version has only been tested on Mandrake 7.2 and expects to be able to put the firewall script at /etc/rc.firewall and have it run each time at boot. If anyone knows where Guarddog should place it's firewall script for other Linux distributions then please email me the details. I only have access to Mandrake 7.2 at the moment.

Unless I get reports of something really wrong with this version, in a few weeks I'll probably relabel it and release it as version 1.0. At this point in time I'm not aware of any crashes. The only things that I would like to have fixed before a 1.0 release is to get the whole build/autoconf/automake/blah system sorted out and behaving properly, and also to figure out why KDE doesn't display an icon for Guarddog in the Kicker panel at the bottom of the screen.

Anyway, enjoy. - SBE

7 October, 2000 - It has been pointed out to me that some of the HTML manual pages for Guarddog are missing from the tar and rpm files. Bummer. You can go here to see the complete manual with all of its pages, FAQs and all. (thanks Sergio) - BTW, if anyone is trying to contact me over the next few weeks, forgive me if I don't respond quickly. My personal life will be a bit crazy for a while. - SBE

11 September, 2000 - First attempt at a Redhat RPM. Go check out the downloads. - SBE

4 September, 2000 - 0.9.2 released. RealPlayer support added. Small changes to the GUI to fix a few layout problems. Still not perfect, but much better. Manual is much more complete now. Now has a tutorial and FAQ section. I'm trying to organise a proper Redhat 6.2 RPM for Guarddog. Does anyone know where I can find a Redhat RPM for kdesu? - SBE

2 August, 2000 - I'm currently fairly busy working on getting the manual up to 'scratch'. The current state of the manual is here. A first draft for the tutorial and the Questions and Answers section has been written. Let me know what you think. If you have a question about Guarddog go check for it in the Questions and Answers section first. BTW, after August 11 development speed should rapidly increase. - SBE

2 August, 2000 - Start of news section.


Guarddog is a firewall configuration utility for Linux systems. Guarddog is aimed at two groups of users. Novice to intermediate users who are not experts in TCP/IP networking and security, and those users who don't want the hastle of dealing with cryptic shell scripts and ipchains/iptables parameters.

Online Manual

Here is the manual for Guarddog 2.4.

Mailing List

There is currently one mailing list for Guarddog: Guarddog-user. It is for users of Guarddog for discussion and questions. Please use this list for help instead of emailing me directly. Subscription and other information about the list is here.

Questions and comments about the development of Guarddog are welcome on this list too.

There is a searchable and browsable archive of the list over at

The mailing list is hosted thanks to Source Forge.


The current development version of Guarddog can be downloaded below.

A draft description of the XML format that Guarddog uses to describe network protocols is available here below. It is still a draft, has some missing sections and isn't organised too well, but it's a start:

protocoldb.txt v0.9


Stable Version

Requires either KDE 3 and Linux kernel series 2.2 or higher.

Tar ball

2.6.0: guarddog-2.6.0.tar.gz ~1320Kb


Guarddog 2.4 can also be used using URPMI and the RPM repository that I've set up here.

2.4.0 RPM: guarddog-2.4.0-2mdk.i586.rpm ~358Kb
2.4.0 Source RPM: guarddog-2.4.0-2mdk.src.rpm ~817Kb

SuSE 9.1 (contributed by Lumir Vanek)

2.4.0 RPM: guarddog-2.4.0-0.1.SuSE91.i686.rpm ~339Kb

RedHat 9 (contributed by Gunner Poulsen)

2.2.0 RPM: guarddog-2.2.0-1rh9.i386.rpm ~313Kb
2.2.0 Source RPM: guarddog-2.2.0-1rh9.src.rpm ~819Kb

Fedora 3 (contributed by Gunner Poulsen)

2.4.0 RPM: guarddog-2.4.0-1fc3.i386.rpm
2.4.0 Source RPM: guarddog-2.4.0-1fc3.src.rpm

Debian Woody (Benoit Mortier)

Repository with guarddog 2.2 and guidedog 0.9.1

MD5 Sums:

9bf49d46fbe619c73ded80875c6bcc6f  guarddog-2.4.0-1fc3.i386.rpm
dbb2100aa3b56666ad70c53a2148c495  guarddog-2.4.0-1fc3.src.rpm
236b5f572914402ee2714145095b093d  guarddog-2.4.0-2mdk.i586.rpm
8a5694999d93d5cd842ec2bfc073573d  guarddog-2.4.0-2mdk.src.rpm
94753f72d62974914485c9aae07b1772  guarddog-2.4.0.tar.gz
1d5b7d628b3165490034f9b8adacf4f8  guarddog-2.4.0-0.1.SuSE91.i686.rpm
66575a6b9e0fe77a66230765adae92c7  guarddog-2.5.0-1mdk.i586.rpm
b3eda428788a4173f17b51b60d6b49be  guarddog-2.5.0-1mdk.src.rpm
baa25ee6e20bb49a96259077e67ba097  guarddog-2.5.1.tar.gz
a1535c4e3f668ea1de5a12f671e7af13  guarddog-2.6.0.tar.gz

Change Log

* March 11th 2007 Simon Edwards <>
- 2.6.0 release. Stable release.

* November 30th 2006 Simon Edwards <>
- 2.5.1 release. Development release.
- Russion GUI translation added. (Chapay Sergey)
- Hungarian translation add (Csaba Zakarias)
- TFTP and netconsole support added. (Vassilis Virvilis)
- rdesktop added. (Vassilis Virvilis)
- svnserve added. (Vassilis Virvilis)
- SMTPS added. (Vassilis Virvilis)
- Port reference tab added (Ray Lambert)

* August 13th 2005 Simon Edwards <>
- 2.5.0 release. Development release.
- Spanish translation added (Antonio Diaz)
- Spanish translation of the manual added. (Antonio Diaz)
- Czech translation added (Tomas N?mec)
  [sorry for mangling your name Tom]
- 'Splitter' added to the protocols tab (Davy Gigan).
- ICQ danger level set to high.
- ICQ limited to a much smaller and much safe range of TCP ports (3900-3999).

* December 16th 2004 Simon Edwards <>
- 2.4.0 release. Stable version.
- Danish translation updated. (Gunner Poulsen)
- Fix for XDCMP, it wasn't bi-directional. (Josef Urban)
- Italian protocoldb translation updated. (Costantino)

* August 1st 2004 Simon Edwards <>
- 2.3.2 release. Development release.
- Added Microsoft Media Server protocol (typically used by Windows Media
- Fixed a bug in the disable firewall script.
- Fix for NTP.

* March 7th 2004 Simon Edwards <>

- 2.3.1 release. Development release.
- Added Jabber over SSL.
- Added PGP key server.
- Patch for kernel 2.6 (Paul Cupis)
- Italian translation update (Costantino).
- Danish translation update (Gunner Poulsen).
- Dutch translation update (Rinse de Vries)

* January  3rd 2004 Simon Edwards <>

- 2.3.0 release. Development release.
- Bittorrent added. (thanks to Steve Horsley)
- Italian translation updated (Ceoldo Costantino)
- Spello fixed (thanks J. Wren Hunt)
- rsync, distcc, gkrellm protocols added (thanks to Roger Luethi)
- User defined protocols now support port ranges (patch from Per Agerb´┐Ż)

* August 26th 2003 Simon Edwards <>

- 2.2.0 release. Stable version.
- Danish translation updated. (thanks Gunner Poulsen)

* August 17th 2003 Simon Edwards <>

- 2.1.8 release.
- Translations updated.

* August 11th 2003 Simon Edwards <>

- 2.1.7 release.
- Now recongnises and supports 2.6 kernels. (thanks Roger Luethi for the tip)
- A updates to the build system for Debian from Paul Cupis.
- French translation, GUI + protocol info by Pascal Billery Schneider.
- Italian translation, GUI + protocol info by Ceoldo Costantino.
- i18n'ised some last remaining strings.

* July 23rd 2003 Simon Edwards <>

- 2.1.6 release.
- Some spelling/grammar fixes to the manual from Onno Benschop.
- Patch from Glen Ditchfield. Guarddog now compiles on KDE 2 again.
- Added some DE translations from Ralf Hempel and Dominik Stadler.

* June 28th 2003 Simon Edwards <>

- 2.1.5 release.
- Small GUI fixes.
- The network protocol DB should be super-valid XML now. (thanks to
  Glen Ditchfield)
- Fix for pcAnywhere. (thanks to Ed)
- Small XML parsing bug fixlet (thanks Glen Ditchfield)
- Manual has been reviewed.

* April 29th 2003 Simon Edwards <>

- 2.1.4 release.
- Added Novell Netware 5/6 NCP File system protocols.
- Added 'Time' protocol. (thanks to Glen Ditchfield).
- When matching packets to zones. Guarddog now uses a simple "best fit"
  algorithm. A packet address (eg will match a zone containing
  a more specific address (eg exactly instead of matching
  another zone containing a less specific address (eg
  (suggested by Jeff Snyder)
- Fixed a bunch of bugs that could cause Guarddog to crash when dealing with
  zone addresses using subnet masks.
- A bunch of compiler warnings fixed. (patch from Glen Ditchfield)
- Firewall scripts now sets LC_ALL when temporary changing language.

* March 25th 2003 Simon Edwards <>

- 2.1.3 release.
- Added script which can be used to reset the linux
  firewall subsystem from the command. (Almost the same as going to
  Guarddog, ticking the Disable checkbox and clicking the Applying button.)
- Added support for FreeDB and Elster (German Tax program). (thanks Martin
- Tweeked NFS again.
- Tweeked IRC too for DCC.
- Added support for Yahoo games. (thanks to  Dennis Warner)
- Fixed a bug that caused Guarddog to produce broken scripts sometimes.
  (thanks Japie for reporting this)
- Added support for Legato NetWorker backups. (Thanks to Wilma for the URLs)
* March 2nd 2003 Simon Edwards <>

- 2.1.2 release.
- Firewall script uses LANG=US instead of LANG=C. (thanks Peter Kesch)
- Fixed broken XML in the protocol DB. (thanks Bruce Halco)
- Added eDonkey2000 protocol support. (thanks to Japie for the URLs)
- Added EverQuest support. (thanks to Ronald Fenner for the URL).
- Added ICP protocol support. (Attn: Squid users, thanks to Yannick Le
- Added port 8888 to HTTP as another alternate port.
- Now detects if IPSEC is being used and makes sure the kernel rp_filter
  is correctly set for each network interface. (thanks to Peter Kesch for

* February 15th 2003 Simon Edwards <>

- 2.1.1 release.
- Small fix for NFS and mountd.
- Added Dutch translation contributed by Rinse de Vries.
- Bug fix for the PC Anywhere support by Paul Cupis.
- Privoxy support added. Thanks Maciej Plewa.

* October 20th 2002 Simon Edwards <>

- 2.1.0 release.
- AIM, Fasttrack, Kazaa, iMesh, Grokster, Blubster, Direct Connect, WinMX
  and Yahoo! Messenger protocols added to the DB. Contributed by Maciej
- It is now possible to sepecify multiple DHCP interfaces. (comma separated).
- AH and ESP protocols to the DB. Contributed by Jarl Stefansson.
- Added Jabber and EsounD protocol support.
- Increased the IRC server ports from 6667 to 6660-6669. (Thanks Maciej

* July 9th 2002 Simon Edwards <>

- 2.0.0 release.
- Fixed a small bug that was stopping Guarddog from compiling on Qt2.
- Fixed a small bug in the kernel detection scipt/code. (Reported and
  patched by Jess Thrysoee).
- Reviewed and edited the manual.
* June 20th 2002 Simon Edwards <>

- 1.9.16 release.
- Fixed a major bug in the output script code concerning the use of &>
  redirection. This bug made most of the kernel tweaking code useless.
  (Thanks to Martin Matti Raivio for finding that one.)
- Fixed a bug in the SNMP support. (Thanks Michele Ferritto).
- Fixed a bug that was stopping ICQ direct messages.
- Fixed Yet Another SMB bug, affected network printers. (Thanks Jason
- Bug fixes related to internationalisation and translation use in Guarddog.
- Additions and updates to the manual.
- Doing "Apply" and "Ok" now only tries to run the firewall script once.
- Added Italian translation of the program strings from Daniele Medri.
- Added Germany translation of the program strings and protocol text from
  Stephan Johach.
- Fixed a crash bug related to the import functionality.
* April 28th 2002 Simon Edwards <> 

- 1.9.15 release
- Changed the 'Apply' button behaviour a little. 'Apply'->'Cancel'->'Keep
  settings' is now permanent, unlike before. The previous behaviour was
  a little unexpected.
- Added Danish translation file from Gunner Poulsen.
- Added CVS-server, DICT support.
- It should now compile ok on KDE 2 and 3. (With KDE 3 you may have to
  specify to configure --enable-mt and --with-qt-dir=... )

* April 1st 2002 Simon Edwards <>

- 1.9.14 release
- Now correctly detects which filter system is being using on 2.5 kernels.
- Moved NNTP to the Mail section.
- Small fix to Windows Networking (NETBIOS).
- Added Kerberos, klogin, kshell, NIS, IMAPS, POP3S, ISAKMP.

* March 8th 2002 Simon Edwards <>

- 1.9.13 release
- Something happened when I made the last tar ball which corrupted
  the networkprotocoldb.xml file by one character. (honest!) I'm
  rereleasing 1.9.12 basically with this new version name to avoid

* March 7th 2002 Simon Edwards <>

- 1.9.12 release
- Should work ok with recent autoconf versions now, and will probably
  work on KDE3 too. (Thanks to Carsten Pfeiffer)
- No longer requires that packets creating a NEW tracked connection have
  thier SYN bit set. It can now pick up previously dropped (tracked)
  connections. (Blocking !SYN was causing too many log entries and a bit of
  trouble elsewhere).
- Added CDDB, MSN Messenger, VNC and PPTP support.

* Feburary 20th 2002 Simon Edwards <>

- 1.9.11 release
- Bugfix: Now doesn't try to enforce the Strong ES model. Linux 2.2 and 2.4
  as it turns out, use the weak model.
- Fixed a nasty flaw in the way UDP reply packets were handled.
  (Thanks to Sander Plomp for noticing this).
- Added control over TCP timestamps usage (defaults to off).
- Windows Networking (NETBIOS) fixes.
- Small SSH fix.
- Added support for Telstra's BigPond Cable authentication/heartbeat.
- Changed the GUI layout on the Protocol tab. Hopefully it's clearer now.
- Additions to the manual.

* January 17th 2002 Simon Edwards <>

- 1.9.10 release.
- A "Restore to factory defaults" button.
- Small changes to some of the text strings in the GUI.
- Explicitly requests /bin/bash when running the scripts from the GUI.
- Additions and improvements to the manual.

* December 20th 2001 Simon Edwards <>

- 1.9.9 release.
- Fixed a small bug in the DHCP rules. (It was blocking lease refreshes on
- Fixed ipchains support, looks like it's been broken for a while.
- Resetting the network subsystem now handles ipchains or iptables in
  /usr/sbin/ too.
- Added AudioGalaxy and DirectPlay (most Microsoft games), Halflife support.
- Fixed a tiny crash bug in the case where the protocol DB file can't be
- Made the source port usage info in the protocol DB tighter.
- Looks for ipchains/iptables in /usr/local/sbin too.

* November 29th 2001 Simon Edwards <>

- 1.9.8 release.
- Added proper multi-language support to the protocol DB.
- Fixed a nasty bug in the generated firewall scripts that could cause
  the machine to appear to hang at boottime.
- Fix a small design bug concerning the user defined protocols. (Accepts
  any source port now, instead of just ones in the dynamic range).
- Guarddog now looks for ipchains or iptables in /usr/sbin/.
* November 19th 2001 Simon Edwards <>

- 1.9.7 release.
- The README file has been updated. Please read it.
- Firewall script now returns a proper exit code.
- Fixed Diablo II protocol entry. (I hope)
- Added Microsoft's "SMB over TCP" protocol to the DB.
- Added XDMCP to the DB.
- The iptables part now only accepts NEW state tracking entries that are SYN
- Fixed a buglet where clicking 'Ok' is the firewall disabled didn't exit the
  program after reseting the network subsystem.
- Added DHCP support to the "Advanced" tab. (Thanks to Ludovic Lange for the
- Added "Log Aborted TCP connections" option. This can detect half-open
  stealth scans. (Now every nmap scan type can be logged).
- Specifies the log level to iptables as a number. (iptables>=1.2.3 wants a
- Scripts now explictly use bash instead of just plain sh. (bash is the
  official standard linux shell anyway).
- Fixed NFS support.
- Scripts now explicitly use gawk(1) instead of just plain awk(1).
- Fixed a problem that would stop the firewall script from working properly
  for people who use a language setting other than English. (thanks to
  Ludovic Lange detecting submitting a patch for this).

* September 28th 2001 Simon Edwards <>

- 1.9.6 release.
- Fixed a bug that would cause Guarddog to crash if you pressed ctrl+u while
  editing an address.
- Removed use of ++ in the firewall script.
- Added the netbios port 138 stuff to the DB and rolled all the netbios
  entries into just one entry: Windows Networking.
- Renamed "Authentication" in the DB to the more accurate "ident/auth".
- Added LDAP, LDAP-SLL, SWAT, Diablo II, IPP and Nessus to the DB.
- Should handle broadcast packets better. (Your logs should not fill up with
  netbios/smb broadcasts).
- Firewall script doesn't make as many assumptions about which directories
  the unix tools live in.

* August 29th 2001 Simon Edwards <>

- 1.9.5 release.
- Small clean ups.
- The "Advanced Protocol Help" now works.
- Fixed a nasty bug in the definition for ICQ that leaving the firewall
  wide open.
- Fixed the annoying "[: -eq: unary operator expected" buglet that some
  people were seeing.
- Fixed to work when virtual interfaces are defined.
- Now handles NIC broadcast addresses properly.
- Added code to enforce the Strong ES model (RFC 1122 section
- Now correctly avoids trying to use DNS when there are no decent NICs
  available. (This was causing slow reboots with iptables complaining when
  it could not resolve host names).
- Added the ability to Import/Export the firewall script to the Advanced tab.
  It also has a "Description" text box for the benefit of people who want to
  juggle firewalls for several machines.
- Since adding Import/Export of firewall scripts, it has become meaningful to
  run Guarddog as a non-root user to create scripts to be used elsewhere.
  It is now possible to run Guarddog as a mere mortal with reduced
- Reformatted the changelog.

* August 12th 2001 Simon Edwards <>

- 1.9.4 release.
- No long uses the konsole to run the firewall script in. Guarddog now has
  it's own window that it can run the firewall and other scripts in.
- When run, the firewall script was says what it is doing. Much friendlier.
- Gnutella and NetMeeting support added.
- Fixed a small bug that sometimes caused the same modprobe command to
  output multiple times.
- Fixed a bug that was causing configuration to get scrambled when read in.

* July 9th 2001 Simon Edwards <>

- 1.9.3 release.
- Fixed a crash if you click to the right of the checkboxes on
  the protocol page.
- Fixed a bug that would cause Guarddog to fail to read the existing
  firewall if it doesn't contain at least one user defined zone.
- Add 'Connections' list which allows the user to select which zones the
  current zone should be connected to.
- Rearranged the GUI somewhat. It's now much better layed out and sports
  icons and symbolic hints in places.
- Added builtin help box on the protocol panel. Shows information and help
  about a given protocol.
- Also replaced a lot of input boxes in the GUI with spinboxes.

* June 14th 2001 Simon Edwards <>

- 1.9.2 release.
- Netfilter/iptables is now supported. The generated firewalls
  use either ipchains or iptables automatically at run time. It also uses
  iptables state tracking modules to handle annoying things like FTP. This
  provides a *much* tighter firewall than old ipchains.
- Advanced logging also part of the new iptables support, including rate
  limited logging and even log messages to warn when rate limiting is in
  effect. Reflected in the GUI is a whole new tab pane dedicated to logging.
- The address lists now happily accept domain names instead of just IP
- Also fixed a nasty bug in the ipchains firewall that was causing the wrong
  zone policies to be applied to packets. We don't call these a development
  versions for nothing folks!

* May 9th 2001 Simon Edwards <>

- 1.9.1 release.
- Protocols can now be set to either Deny/Accept and now also Reject.
- It is now possible to specify user defined protocols. i.e. open/close
  specific ports.
- 'printer', 'syslog' and 'ntp' have now been added to the network protocol

* April 14th 2001 Simon Edwards <>

- 1.9.0 release.
- The first developer release aiming at version 2.0. The 1.9.0 and higher
  code is a rewrite and redesign.  Significant changes are the use of XML
  to store a database of information about network protocols. The work
  and code is also shared with Watchdog. I intend to fully document the XML
  format I've designed in the hope that others will find it useful and
  support it.
- Guarddog now has the concept of 'zones' which allow you to place different
  hosts and networks into groups which can then have different firewall
- Router configurations are a target for 2.0, but this development version
  still doesn't support them, yet.

* January 17th 2001 Simon Edwards <>

- 1.0.0 release, finally.
- No real changes except for updates and additions to the documentation.

* December 22th 2000 Simon Edwards <>

- 0.9.5 release.
- Generated firewalls now setup the kernel networking protection.
- Generated firewalls are now tighter, only opening the Local Port range
  instead of all non-privileged ports where appropriate.
- Added option to always Reject Auth requests. (This can speed up POP

* November 30th 2000 Simon Edwards <>

- 0.9.4 release.
- Small fix for ISDN users. (Thanks to Joerg Buchland).

* November 22th 2000 Simon Edwards <>

- 0.9.3 release.
- Now requires KDE 2. Most of the GUI code has been rewritten for KDE 2.
- GUI has also been cleaned up somewhat.
- It also attempts to automatically identify which interface is being used
  to access the net. (Thanks to J. F. Gratton).
- Added an option to completely disable the firewall.

* September 2nd 2000 Simon Edwards <>

- 0.9.2 release.
- RealPlayer support added.
- Small changes to the GUI to fix a few layout problems. Still not perfect,
  but much better.
- Manual is much more complete now. Now has a tutorial and FAQ section.

* June 11th 2000 Simon Edwards <>

- 0.9.1 release.
- Packaged with RPM for Mandrake 7.1 (should also work with
- Some display glitch fixes, still more remain, grrr.
- Should now be able to find the protocol database file ok. Sorry to those
  people who tried to get it to run from source and failed.
- Uses sane defaults for checkboxes in new firewalls.

* June 2nd 2000 Simon Edwards <>

- 0.9 Initial developer release.


(You will need a PNG format supporting browser to see these).

Zone Screen shot

Machines can be grouped into zones.

Protocols Screen shot

Permitted protocols can be decided on a zone by zone basis.

Advanced Screen shot

Power where you need it. Directly enter port values when you need to poke a hole through the firewall.

Logging Screen shot

Advanced logging is now possible on Linux 2.4 kernels.