[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Writing rules based on program emitting/receiving paquet

Hi all, 

Is it possible, using iptables, to write a rule that match a paquet
depending on the program (or pid) which emitted it or is supposed to
receive it ? 

For example, i can block all traffic from my box to the outside world
except that which is in destination of port 80, allowing HTTP traffic.
But a trojan could still communicate with the outside if it communicates
with the port 80 of another box. 

Is it possible to limit a bit more the traffic to the only paquet which
are emitted from a web browser (say mozilla) and to dest-port 80 ? 

Would it be a good way to protect a box ? 

Thanks for all of your ideas. 

Marc Demlenne 
GPG : 768FA483 (www.keyserver.be)

Reply to: