[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Writing rules based on program emitting/receiving paquet

There is by user and there is nothing that says mozilla can't be setuid allowhttp(A new account
you create).  However there is also protocol level identification, I can't find it now.  It was a
regex based filter for iptables that would let you say match all http that did not use ports.

--- Marc Demlenne <m.demlenne@skynet.be> wrote:
> Hi all, 
> Is it possible, using iptables, to write a rule that match a paquet
> depending on the program (or pid) which emitted it or is supposed to
> receive it ? 
> For example, i can block all traffic from my box to the outside world
> except that which is in destination of port 80, allowing HTTP traffic.
> But a trojan could still communicate with the outside if it communicates
> with the port 80 of another box. 
> Is it possible to limit a bit more the traffic to the only paquet which
> are emitted from a web browser (say mozilla) and to dest-port 80 ? 
> Would it be a good way to protect a box ? 
> Thanks for all of your ideas. 
> -- 
> Marc Demlenne 
> GPG : 768FA483 (www.keyserver.be)
> -- 
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online.

Reply to: