Skip to content

thehusnain/SecureWall

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

SecureWall (scw)

SecureWall is a professional CLI firewall management and monitoring tool for Debian-based Linux distributions (including Ubuntu and Kali). It manages the system firewall, detects interfaces, applies predefined rules, and analyzes firewall logs.

Features

  • Debian-based distribution detection
  • Network interface discovery (wired and wireless)
  • Firewall backend installation checks and control (enable/disable)
  • Predefined rules in simple English
  • Guided setup wizard (interface + rule selection)
  • Rule listing and deletion
  • Structured log analysis with attack hints
  • Colored output using rich

Supported Distributions

  • Ubuntu
  • Debian
  • Kali Linux
  • Linux Mint
  • Pop!_OS
  • Parrot OS

Installation (Recommended)

One-liner (no clone required)

You can install SecureWall directly with pip (installs in user environment):

pip install git+https://github.com/thehusnain/SecureWall.git

System-wide install (with venv, recommended for admins)

Clone and run the installer (auto-creates venv, no .venv in repo):

git clone https://github.com/thehusnain/SecureWall.git
cd SecureWall
chmod +x install.sh
sudo ./install.sh

The installer creates:

  • Binary: /usr/local/bin/scw
  • Package: /usr/local/lib/scw
  • User menu launcher: ~/.local/share/applications/scw.desktop
  • Icon: ~/.local/share/icons/scw.svg

Quick Start

Run the wizard to select interface and predefined rules:

scw --setup

Launch the interactive menu:

sudo scw

Interactive Menu Flow

  1. Enable firewall
  2. Setup firewall (wizard)
  3. Disable firewall
  4. Status
  5. Interfaces
  6. Add rule
  7. View rules
  8. View selected rules
  9. Analyze logs
  10. Exit

CLI Commands

scw --status
scw --interfaces
scw --enable
scw --disable
scw --rules
scw --logs
scw --health

scw rule allow ssh
scw rule deny 22
scw rule block-ip 192.168.1.10
scw rule allow-port 443
scw rule delete 3

Predefined Rules (Wizard)

The wizard lists allow/deny rules in simple English and applies them to the selected interface. Each rule name includes a short comment describing what it does.

Baseline:

  • Baseline: Default Deny Incoming - Set default policy to deny incoming traffic.
  • Baseline: Default Allow Outgoing - Set default policy to allow outgoing traffic.
  • Stealth Block ICMP (Ping) - Drop ICMP echo requests to reduce host discovery (ping, nmap).

Common services (allow):

  • Allow SSH - Remote administration (TCP 22).
  • Allow SFTP - Secure file transfer (TCP 22).
  • Allow FTP - File transfer (TCP 21).
  • Allow FTPS - Secure FTP (TCP 990).
  • Allow HTTP - Web traffic (TCP 80).
  • Allow HTTPS - Secure web traffic (TCP 443).
  • Allow DNS - DNS queries (UDP 53).
  • Allow DNS (TCP) - DNS over TCP (TCP 53).
  • Allow DHCP - DHCP client traffic (UDP 67-68).
  • Allow NTP - Time sync (UDP 123).
  • Allow SMTP - Mail transfer (TCP 25).
  • Allow SMTPS - Secure mail transfer (TCP 465).
  • Allow SMTP Submission - Mail submission (TCP 587).
  • Allow IMAP - Mail access (TCP 143).
  • Allow IMAPS - Secure mail access (TCP 993).
  • Allow POP3 - Mail retrieval (TCP 110).
  • Allow POP3S - Secure mail retrieval (TCP 995).
  • Allow LDAP - Directory services over TCP (TCP 389).
  • Allow LDAP (UDP) - Directory services over UDP (UDP 389).
  • Allow LDAPS - Secure directory services (TCP 636).
  • Allow SNMP - Monitoring (UDP 161).
  • Allow SNMP Trap - Trap events (UDP 162).
  • Allow Syslog - Log shipping (UDP 514).
  • Allow SIP - VoIP signaling (UDP 5060).
  • Allow SIPS - Secure VoIP signaling (TCP 5061).
  • Allow SMB - SMB NetBIOS (UDP 137-139).
  • Allow SMB (TCP) - SMB over TCP (TCP 445).
  • Allow RPC Bind - RPC mapper over TCP (TCP 111).
  • Allow RPC Bind (UDP) - RPC mapper over UDP (UDP 111).
  • Allow NFS - Network file system (TCP 2049).
  • Allow rsync - File sync (TCP 873).
  • Allow MQTT - IoT messaging (TCP 1883).
  • Allow MQTTS - Secure IoT messaging (TCP 8883).
  • Allow RDP - Remote desktop (TCP 3389).
  • Allow VNC - Remote desktop (TCP 5900).
  • Allow MySQL - Database (TCP 3306).
  • Allow PostgreSQL - Database (TCP 5432).
  • Allow Redis - Cache (TCP 6379).
  • Allow MongoDB - Database (TCP 27017).
  • Allow Nmap Scan (TCP) - Allow all TCP ports (1-65535).
  • Allow Nmap Scan (UDP) - Allow all UDP ports (1-65535).

Common services (deny):

  • Block SSH - Block remote administration (TCP 22).
  • Block FTP - Block file transfer (TCP 21).
  • Block FTPS - Block secure FTP (TCP 990).
  • Block HTTP - Block web traffic (TCP 80).
  • Block HTTPS - Block secure web traffic (TCP 443).
  • Block RDP - Block remote desktop (TCP 3389).
  • Block VNC - Block remote desktop (TCP 5900).
  • Block DNS - Block DNS queries (UDP 53).
  • Block DNS (TCP) - Block DNS over TCP (TCP 53).
  • Block SMTP - Block mail transfer (TCP 25).
  • Block SMTPS - Block secure mail transfer (TCP 465).
  • Block SMTP Submission - Block mail submission (TCP 587).
  • Block IMAP - Block mail access (TCP 143).
  • Block IMAPS - Block secure mail access (TCP 993).
  • Block POP3 - Block mail retrieval (TCP 110).
  • Block POP3S - Block secure mail retrieval (TCP 995).
  • Block LDAP - Block directory services over TCP (TCP 389).
  • Block LDAP (UDP) - Block directory services over UDP (UDP 389).
  • Block LDAPS - Block secure directory services (TCP 636).
  • Block SNMP - Block monitoring (UDP 161).
  • Block SNMP Trap - Block trap events (UDP 162).
  • Block Syslog - Block log shipping (UDP 514).
  • Block SIP - Block VoIP signaling (UDP 5060).
  • Block SIPS - Block secure VoIP signaling (TCP 5061).
  • Block SMB - Block SMB NetBIOS (UDP 137-139).
  • Block SMB (TCP) - Block SMB over TCP (TCP 445).
  • Block RPC Bind - Block RPC mapper over TCP (TCP 111).
  • Block RPC Bind (UDP) - Block RPC mapper over UDP (UDP 111).
  • Block NFS - Block network file system (TCP 2049).
  • Block rsync - Block file sync (TCP 873).
  • Block MQTT - Block IoT messaging (TCP 1883).
  • Block MQTTS - Block secure IoT messaging (TCP 8883).
  • Block MySQL - Block database (TCP 3306).
  • Block PostgreSQL - Block database (TCP 5432).
  • Block Redis - Block cache (TCP 6379).
  • Block MongoDB - Block database (TCP 27017).
  • Block Port Scans (TCP) - Drop TCP probes across all ports (1-65535).
  • Block Port Scans (UDP) - Drop UDP probes across all ports (1-65535).

Note: To make nmap scans show 0 hosts up, avoid allowing any inbound ports and apply both the stealth ICMP drop rule and the TCP/UDP port scan drop rules.

Logs and Attack Reports

SecureWall parses /var/log/ufw.log (backend log used by scw) and shows:

  • Time
  • Source IP
  • Destination IP
  • Protocol
  • Destination port
  • Action (allowed/blocked)

It also highlights patterns such as:

  • Port scanning attempts
  • Repeated SSH brute-force attempts

Troubleshooting

  • If you see "Please run SecureWall as root", re-run with sudo scw.
  • If scw --health reports UFW missing, install it with sudo apt install ufw.
  • If logs are empty, ensure UFW logging is enabled: sudo ufw logging on.
  • If you run from source and securewall is not found, run commands from the secwall folder or install with pip install -e ..

Uninstall

sudo ./uninstall.sh

Screenshots

Placeholder for screenshots.

AI Assistance Disclosure

Some scaffolding and documentation in this repository were assisted by automated tools. All design decisions, code verification, and testing were performed by the project author. If you use or redistribute this project, please review the configuration and tests before deploying to production.

About

No description, website, or topics provided.

Resources

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors