KMF > features
Latest News
Home

Quick Download
KMyFirewall 1.1.1

Download the SRC compile, install and run.

Click to download!

Quick Links


thanks to those who have already donated!

KMyFirewall tries to provide an easy-to-use GUI (Graphical User Interface) for your filrewall setup. Using it you can setup even the most advaced rulesets without getting your hands dirty writing firewall scripts. It designed to have a working ruleset within a few clicks, but does not limit your possibilities.
It's the perfect tool for you if you are in the need of a firewall management tool. Have a look at the list below to find out what KMyFirewall can do for you.

Features overview:

  • Multi Target Configuration & Remote firewall control
  • Auto Configuration
  • Two Separate Interfaces, one for "normal" end users, another for iptables "experts"
  • Transaction based multilevel Undo/Redo
  • No manual scripting needed
  • Designed not to get in the way
  • Almost full integration in the KDE environment
  • Nice and (almost) intuitive GUI
  • Import/Export of rulesets to ease the setup of large networks
  • Installation/Uninstallation of the generated scripts in the init system

Detailed Features for both Interfaces

  • Multi Target Configuration, manage several firewalls from within the same document in KMyFirewall.
  • Remote Control. Manage remote Firewalls from within KMyFirewall (driven by KIO::fish/SSH)
  • Predefined rule set templates for common setups e.g. Workstation, NAT Firewall, Webserver, etc
  • Save custom rule set templates
  • Plug-in driven application design
  • Installer plug-in infrastructure, allows the support for non Linux systems (currently only Linux plugin implemented)
  • IPTables control: view running IPTables configuration, clear tables, show config of a single table, etc
  • Preview of the generated script
  • Auto detection of network interfaces, application paths, and init system
  • Documentation for the rule set; each object (host, rule etc.) can have a description entered for it.
  • Generate rule set installation packages

Features in detail for the Generic Interface

  • Fast Setup of a small but efficient "Personal Firewall"
  • Uses a secure default configuration
  • Abstracted view on the firewalls behavior, e.g. defining network zones, special hosts, etc
  • Script compiler plug-in infrastructure which allows the support for non IPTables systems e.g. OpenBSD's pf (currently only iptables are implemented)
  • Simple NAT configuration
  • Logging configuration
  • Export rule set to IPTables Interface document, and preview in IPTables Interface

Features in detail for the IPTables Interface

  • Allmost 1-1 representation of the IPTables rule set
  • Expert ready, can configure almost all IPTable options
  • Plug-in framework for rule option editors, allows easy implementation of new ruleoption editors
  • Transaction based multilevel undo/redo
  • Create/Delete user defined chains
  • Set default target for user defined chains
  • Rule Forwards/Feeds overview
  • Implemented ruleoption plug-ins:
    • Stateful packet filtering (this is what makes IP tables that cool)
    • IP based filtering
    • MAC based filtering
    • Protocol based filtering with multi port extension
    • Interface based filtering
    • Limiting packet matches (avoids DoS attacks)
    • Logging Target configuration
    • NAT, SNAT, DNAT configuration (Masquerading)
    • MARK Target support
    • MANGLE configuration
    • Custom option, allows to add not directly supported options

Planned Features

Planed Features for both Interfaces

  • OpenBSD support
  • Improve plug-in framework
  • Better documentation
  • More predefined rule set templates
  • Monitor running configuration in mealtime, using SysTray applet (Linux Only)
  • Log file analysis
  • Dynamic insertion of new rules
  • KHotNewStuff support for protocol definitions and rule set templates

Planed Features for the Generic Interface:

  • Allow Host group definition

Planed Features for the IPTables Interface:

  • Perform sanity check for the rule set
  • Make GUI more intuitive


Back to Top
Back to Top