Re: Writing rules based on program emitting/receiving packet
There is matching by user, and there is nothing that says mozilla can't be setuid allowhttp (a new account
you create). However, there is also protocol-level identification; I can't find it now. It was a
regex-based filter for iptables that would let you say match all HTTP that did not use ports.
--- Marc Demlenne <m.demlenne@skynet.be> wrote:
> Hi all,
>
> Is it possible, using iptables, to write a rule that matches a packet
> depending on the program (or pid) which emitted it or is supposed to
> receive it?
>
> For example, I can block all traffic from my box to the outside world
> except that which is destined to port 80, allowing HTTP traffic.
> But a trojan could still communicate with the outside if it communicates
> with port 80 of another box.
>
> Is it possible to limit the traffic a bit more, to only the packets which
> are emitted from a web browser (say mozilla) and to dest-port 80?
>
> Would it be a good way to protect a box ?
>
> Thanks for all of your ideas.
>
> --
> Marc Demlenne
> GPG : 768FA483 (www.keyserver.be)
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
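As an added example (not from the original post), here is what the "by user" approach above looks like in practice: iptables' owner match lets OUTPUT rules test the uid of the process that owns the socket, so outbound tcp/80 can be restricted to one dedicated account and the browser run as that account. The account name allowhttp and the interface eth0 are assumptions; change them to match your box.

```shell
#!/bin/sh
# Added example, not code from the original post. Restricts outbound tcp/80
# to a single dedicated account with iptables' owner match.
# Assumptions (hypothetical): outbound interface eth0, dedicated account
# "allowhttp" created with e.g.  adduser --system --no-create-home allowhttp

HTTP_USER="${HTTP_USER:-allowhttp}"
WAN_IF="${WAN_IF:-eth0}"

# Emit an iptables-restore ruleset for the filter table. Building the text
# first (instead of one iptables call per rule) lets you review it and load
# it atomically; rules after the first failed one are then never half-applied.
http_owner_ruleset() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections already accepted pass regardless of owner.
-A OUTPUT -o $WAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
# The owner match only applies to locally generated packets, so it lives in
# OUTPUT. Only sockets owned by $HTTP_USER may open connections to tcp/80.
-A OUTPUT -o $WAN_IF -p tcp --dport 80 -m owner --uid-owner $HTTP_USER -j ACCEPT
# Any other process trying to reach port 80 on any host is logged and dropped.
-A OUTPUT -o $WAN_IF -p tcp --dport 80 -m limit --limit 5/min -j LOG --log-prefix "http-not-owner: "
-A OUTPUT -o $WAN_IF -p tcp --dport 80 -j DROP
# Everything else leaving $WAN_IF is dropped, as in the original question.
# DNS (udp/53) and any other service you need must get their own ACCEPT
# rules above this line or the browser will not resolve names.
-A OUTPUT -o $WAN_IF -j DROP
COMMIT
EOF
}

# Number of rules in the generated set that carry the owner match; used as a
# quick sanity check before loading.
owner_rule_count() {
    http_owner_ruleset | grep -c -- "--uid-owner $HTTP_USER"
}

# Load the ruleset; needs root and a kernel/iptables with the owner match
# (ipt_owner / xt_owner).
apply_ruleset() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_ruleset: must be root to load rules" >&2
        return 1
    fi
    http_owner_ruleset | iptables-restore
}

# Usage: print the ruleset for review, or load it with --apply.
if [ "${1:-}" = "--apply" ]; then
    apply_ruleset
else
    http_owner_ruleset
fi
```

Two caveats worth keeping in mind. First, the owner match keys on the uid of the socket, not on the program: anything that manages to run as allowhttp (or as root) gets the same access as the browser, so the account should own nothing the user can write to. Second, on Linux the setuid bit is ignored on interpreted scripts, and the mozilla launcher is typically a wrapper script, so rather than setuid the browser it is simpler to start it as the dedicated account with `sudo -u allowhttp mozilla` (and a matching sudoers entry), which also avoids giving a browser binary a setuid bit at all.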