Allow for local network only

[GoogleCodeExporter]

There are some apps such as "remote desktop" or "es file explorer", I need to 
allow them to connect to my laptop through adhoc/access point wifi network 
(192.168.*.*), 
but I can't risk them to connect to the internet because of the IMPORTANT DATA, 
they both need my laptop username and password,
it is very risky to give them such data when internet available (remote hacking 
possible).

also there is many apps need local network only, such as wifi-webcam or 
wifi-remote (control or keyboard or mouse)... etc

Original issue reported on code.google.com by kdman2...@gmail.com on 22 Feb 2011 at 7:53

[GoogleCodeExporter]

I am willing to try to implement this.

I have an idea on how to do it, but I face a problem.
When you change from LAN1 to LAN2, I have no way to discover the new IP/MASK to 
authorize in the firewall, so the only workaround at this time will be to 
reload the FW.

Is it still usable with this limitation from your point of view?

Original comment by dama...@gmail.com on 23 Feb 2011 at 7:29

[GoogleCodeExporter]

I don't change lan often.
may be if I visit a friend, but then I don't usually use advanced apps like 
rdp, maybe wifi-harddisk

so yes, it is a good solution for a start.

Original comment by kdman2...@gmail.com on 23 Feb 2011 at 2:27

[GoogleCodeExporter]

Well my idea is to add a column with a new checkbox (lan) to authorize the app 
to access lan addresses.

Access will be granted to the network address of the wifi interface.

- Pro: new feature
- Con: less space for the app name and description so the list will grow

There is another issue with this implementation, how to deal with multiple lan 
subnets and different lan networks ?

Original comment by dama...@gmail.com on 23 Feb 2011 at 2:58

[GoogleCodeExporter]

If issue 50 (data usage per app) will be added, then I suggest to make the app 
row in the list click-able, 

no check box or app ID on the list, 
only what permission got (W,3,L colored litters) and name and how many data 
used at the right.

i.e: 
<gray>W</gray> <gray>3</gray> <green>L</green> File explorer 34K  13M
<gray>W</gray> <green>3</green> <gray>L</gray> Market        120K 30M

click-able rows will allow to add more option and data per app (row)

Original comment by kdman2...@gmail.com on 23 Feb 2011 at 5:07

[GoogleCodeExporter]

Nice idea.

Original comment by dama...@gmail.com on 23 Feb 2011 at 5:47

[GoogleCodeExporter]

I would like a tickbox to allow an application access to RFC1918 addresses (if 
ticked, but WiFi/3G are not, the firewall will allow outbound comms to these 
addresses).

Great app.

Original comment by tor.houg...@gmail.com on 2 Mar 2011 at 6:04

[GoogleCodeExporter]

I know that it may not be the perfect solution, but I plan to add support for 
custom iptables rules in the near future.

Basic users want only basic features, while more advanced users want all kind 
of features you are able to imagine, so it is hard to conciliate everything ;)

Custom rules will allow advanced users to do almost anything they want on 
iptables. And I can add simple "recipes" on the website, such as "how to allow 
everything  for local network".

Original comment by rodrigo...@gmail.com on 2 Mar 2011 at 7:11

[GoogleCodeExporter]

Hello all, I have just added a functionality called "Custom Script" on r210.
This will be officially released on the next version (DroidWall 1.5.3).

I know that this is more like a work-around rather than a real fix, but you can 
do that using custom scripts now. This way we can keep a very simple user 
interface for non-technical users, but give full power to advanced users.

I will add more information about CustomScripts in the wiki.

Original comment by rodrigo...@gmail.com on 23 Sep 2011 at 7:10

• Changed state: Fixed

[GoogleCodeExporter]

Great

Original comment by dama...@gmail.com on 23 Sep 2011 at 8:26