Re: Writing rules based on program emitting/receiving packet
There is matching by user, and there is nothing that says mozilla can't be setuid allowhttp (a new account
you create). However, there is also protocol-level identification; I can't find it now. It was a
regex-based filter for iptables that would let you say "match all HTTP that did not use ports".
--- Marc Demlenne <firstname.lastname@example.org> wrote:
> Hi all,
> Is it possible, using iptables, to write a rule that matches a packet
> depending on the program (or pid) which emitted it or is supposed to
> receive it ?
> For example, I can block all traffic from my box to the outside world
> except that which is destined to port 80, allowing HTTP traffic.
> But a trojan could still communicate with the outside if it communicates
> with the port 80 of another box.
> Is it possible to limit the traffic a bit more, to only the packets which
> are emitted from a web browser (say mozilla) and to dest-port 80?
> Would it be a good way to protect a box ?
> Thanks for all of your ideas.
> Marc Demlenne
> GPG : 768FA483 (www.keyserver.be)
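One way to set up the per-user approach described in the reply with the iptables owner match, as an added example that is not part of the thread: it assumes a dedicated unprivileged account named allowhttp (the name used in the reply), that the browser is started as that user, and that the output is loaded with iptables-restore --noflush so existing INPUT/FORWARD rules are kept.

```shell
#!/bin/sh
# Added example, not from the thread.  Generates an iptables-restore fragment
# for the OUTPUT chain that only lets sockets owned by a dedicated account
# (assumed name: allowhttp) open new TCP/80 connections.  The owner match
# only works on locally generated packets, which is why it lives in OUTPUT.
# Anything running as root can still change the rules, so this limits
# unprivileged processes, not a compromised root account.

HTTP_USER="${HTTP_USER:-allowhttp}"

# Print the ruleset instead of loading it, so it can be reviewed first.
# Load later with:  owner_ruleset allowhttp | iptables-restore --noflush
owner_ruleset() {
    user="$1"
    cat <<EOF
*filter
:OUTPUT DROP [0:0]
# Replies belonging to flows that were already accepted stay allowed.
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# The browser account needs DNS as well as HTTP; nobody else gets either.
-A OUTPUT -p udp --dport 53 -m owner --uid-owner ${user} -j ACCEPT
-A OUTPUT -p tcp --dport 80 -m state --state NEW -m owner --uid-owner ${user} -j ACCEPT
# Everything else (any other program trying port 80 included) is logged,
# rate-limited, then dropped by the chain policy above.
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUTPUT-DENIED: "
COMMIT
EOF
}

# Self-check: how many rules in the generated set accept new TCP/80 traffic?
# A correct set has exactly one, and it carries the owner match.
count_http_accepts() {
    owner_ruleset "$1" | grep -c -- '--dport 80 .*-j ACCEPT'
}

owner_ruleset "$HTTP_USER"
```

Start the browser as that account (for example with su or sudo -u allowhttp) so its sockets carry the matching uid; a program running under any other unprivileged user hits the LOG rule and the DROP policy.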