Writing rules based on program emitting/receiving paquet
Hi all,
Is it possible, using iptables, to write a rule that match a paquet
depending on the program (or pid) which emitted it or is supposed to
receive it ?
For example, i can block all traffic from my box to the outside world
except that which is in destination of port 80, allowing HTTP traffic.
But a trojan could still communicate with the outside if it communicates
with the port 80 of another box.
Is it possible to limit a bit more the traffic to the only paquet which
are emitted from a web browser (say mozilla) and to dest-port 80 ?
Would it be a good way to protect a box ?
Thanks for all of your ideas.
--
Marc Demlenne
GPG : 768FA483 (www.keyserver.be)
Reply to: