Take Control of Your Outbound Connections

Production-ready application firewall that gives Linux users the same outbound connection control they had on Windows.

✨ New: Interactive installation with guided setup
🎨 Beautiful progress dialogs for all operations
⚡ Instant rule reload with SIGHUP
🔐 pkexec integration for secure permissions

🔒 Secure by Default
Real-time Protection
🎯 Per-App Control

🚨 The Problem

Linux by default allows ALL outbound connections. Any application can connect to any server without your knowledge or permission. This is a security risk.

✅ The Solution

Douane intercepts every outbound connection and shows you a GUI popup. You decide which applications can access the network - Allow or Deny, Once or Always.

Production-Ready Features

🔌 Real Packet Interception
Integrates with netfilter/iptables NFQUEUE to intercept actual packets in real-time

🔍 Application Identification
Matches packets to processes via /proc filesystem for accurate app detection

Fast Decision Engine
Cached rules provide instant decisions for known connections

🎨 Beautiful GUI
Enhanced dialogs show hostname, port description, process info, and risk level

⚙️ Control Panel
Full-featured GUI with beautiful progress dialogs, instant rule reload, and pkexec integration for secure permissions

🛡️ UFW Integration
Permanent rules stored in UFW for persistence across reboots

⏱️ Timeout Protection
Auto-deny after 30 seconds (configurable) to prevent hanging connections

🔐 Learning Mode
Safe testing mode that shows popups but always allows connections. Rules are automatically saved!

💾 Auto-Save Rules
All decisions are saved immediately to disk, even in learning mode. No data loss on restart!

🎯 Interactive Installation
Guided setup with whiptail dialogs - choose mode, autostart, and start now during installation

Instant Rule Reload
Delete rules and they take effect immediately via SIGHUP - no restart needed!

Two-Process Architecture

🔧 Douane Daemon (Root)

  • Intercepts packets via NetfilterQueue
  • Identifies applications via /proc
  • Checks whitelist & cached rules
  • Accepts/drops packets based on decisions

🖥️ GUI Client (User)

  • Shows popup dialogs with DISPLAY access
  • System tray icon with menu
  • Sends decisions back to daemon
  • Control panel for management

1. Application tries to connect
2. Packet queued to NFQUEUE
3. Daemon identifies app
4. GUI shows popup
5. User decides
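
One common way to do the "identifies applications via /proc" step, shown as an added example that is not Douane's own code: look up the queued packet's source and destination in /proc/net/tcp to get the socket inode, then find which /proc/<pid>/fd entry links to that inode. The sample table is constructed, the function names are hypothetical, and IPv4 on a little-endian host is assumed.

```python
import glob
import os
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# Row 1 is an outbound socket in SYN_SENT (st=02), as seen while its first packet is queued.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20411 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:C350 0A7100CB:01BB 02 00000001:00000000 01:00000064 00000000  1000        0 48213 2 0000000000000000 100 0 0 10 -1
"""

def decode_addr(hex_addr):
    """'0F02000A:C350' -> ('10.0.2.15', 50000). Assumes IPv4 on a little-endian host."""
    ip_hex, port_hex = hex_addr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Parse the table into dicts; malformed or short lines are skipped."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) < 10:
            continue
        rows.append({"local": decode_addr(f[1]), "remote": decode_addr(f[2]),
                     "state": int(f[3], 16), "uid": int(f[7]), "inode": int(f[9])})
    return rows

def inode_for_flow(rows, src, dst):
    """Return the socket inode for a (ip, port) -> (ip, port) flow, or None."""
    for r in rows:
        if r["local"] == src and r["remote"] == dst:
            return r["inode"]
    return None

def pids_for_inode(inode, proc_root="/proc"):
    """Find PIDs holding an fd that links to socket:[inode]."""
    target = f"socket:[{inode}]"
    pids = set()
    for fd in glob.glob(os.path.join(proc_root, "[0-9]*", "fd", "*")):
        try:
            if os.readlink(fd) == target:
                pids.add(int(fd.split(os.sep)[-3]))
        except OSError:
            continue  # process exited mid-scan, or fd not readable without root
    return sorted(pids)
```

Reading other users' fd links on a live system requires root. A process that exits before the scan, or one in another network namespace, will not be found, so the caller has to treat a missing owner as unknown.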

Quick Installation

🔧 Manual Installation

# Install system dependencies
sudo apt-get update
sudo apt-get install -y python3 python3-pip \
    python3-tk build-essential \
    libnetfilter-queue-dev iptables ufw

# Install Python dependencies
pip3 install -r requirements.txt

# Configure UFW
sudo ./setup_firewall.sh

# Run the firewall
sudo python3 douane_firewall.py

System Requirements

OS: Linux with kernel 3.0+
Python: 3.6 or higher
Display: X11 or Wayland
Privileges: Root/sudo access

How to Use

1️⃣ Start the Firewall
Search for "Douane Firewall" in your application menu and click to launch. Enter your password when prompted.

2️⃣ See Connection Requests
When an app tries to connect, a popup appears showing the application name, destination, and risk level.

3️⃣ Make Your Decision
Choose "Allow Once", "Allow Always", or "Deny". Your decision is saved and applied instantly.

4️⃣ Manage Rules
Open the Control Panel to view, edit, or delete saved rules. Monitor logs and adjust settings.

Tested On

Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04, Debian 11, Debian 12, Linux Mint 21

Ready to Take Control?

Start protecting your Linux system from unauthorized outbound connections today.