Dowse eases the configuration of network routing for a local area network, starting from the setup of ARP-level static entries of known peers, IP-level firewall, DHCP configuration, and local DNS cache, up to an application layer transparent proxy and optional gateways to anonymous networks such as Tor and I2P. It consists of a minimalistic script which can run on any GNU/Linux box and which, from a central configuration point, controls Ebtables, Iptables, and all the daemons needed for such operations: DnsMasq, Squid2, and Privoxy. It comes with a module system for contributed add-ons like DNSCrypt-proxy and HTTPS-everywhere.
|Tags||proxy management Tor Firewall lan DNS proxy dns cache I2P Squid|
Release Notes: Starting and stopping Dowse now works faster. New and safer iptables rules have been adopted and the code has been reorganized. The Squid/Privoxy functionality was moved into a module, preserving only firewalling and dnsmasq as the core functionalities of Dowse. A comprehensive whitepaper is distributed with the source, outlining future plans.
Release Notes: The network model was refactored to avoid the need for a bridge interface. Dowse now works just on a single physical interface. Ebtables is adopted for layer 2 MAC address filtering against arp spoofing. A module system is in place to activate/deactivate optional features. The first module available supports dnscrypt-proxy to protect all DNS traffic from tapping.
Release Notes: This release provides all basic features and has been tested for its stability: accelerated transparent proxy using Squid3 and ads protection using Privoxy, automatic .onion domain resolution via Tor, and arp-spoof protection via configured MAC entries in dnsmasq.