
Re: Writing rules based on program emitting/receiving packet

Hi Marc,

On Monday 09 February 2004 20:58, Marc Demlenne wrote:
> Hi all,
> Is it possible, using iptables, to write a rule that matches a
> packet depending on the program (or pid) which emitted it or is
> supposed to receive it?
> For example, I can block all traffic from my box to the outside
> world except that which is destined for port 80, allowing
> HTTP traffic. But a trojan could still communicate with the
> outside if it communicates with port 80 of another box.
> Is it possible to limit the traffic a bit more to only the packets
> which are emitted from a web browser (say mozilla) and to
> dest-port 80?
> Would it be a good way to protect a box?

If you want to be more specific, you could take a look at
http://www.rsbac.org and/or http://www.adamantix.org -
using the (kernel based) RSBAC access control framework it is
possible to deny/allow network/port access at application level
(in addition to your iptables rules).
It's not very easy to set up, but you'll get addicted to it soon, I
promise ;-)

A similar approach is taken by SELinux AFAIK, but I prefer RSBAC B-)


Dipl.-Ing. Klaus Holler <gmx.at after kho@>
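For the iptables side of the question, an added example that is not from this thread: the owner match can restrict locally generated packets by the uid of the socket's owner, so running the browser under a dedicated account gets close to the per-program rule asked for. It assumes a dedicated user named browser and a custom chain WEB_EGRESS (both my choices); IPT is overridable so the rules can be dry-run without root.

```shell
#!/bin/sh
# Added example: confine outbound TCP/80 to one local uid with the iptables owner match.
# Assumptions (not from the thread): the browser runs as user "browser";
# IPT can be pointed at a stand-in command for dry runs.
IPT="${IPT:-iptables}"
BROWSER_UID="${BROWSER_UID:-browser}"

web_egress_rules() {
    # Dedicated chain so the port-80 policy is easy to list and flush.
    "$IPT" -N WEB_EGRESS
    # Only locally generated packets traverse OUTPUT, which is where
    # the owner match is valid; forwarded traffic never gets here.
    "$IPT" -A OUTPUT -p tcp --dport 80 -j WEB_EGRESS
    # The kernel knows the uid of the socket that emitted the packet,
    # not the program name: per-pid/per-command matching was removed
    # from the kernel, so a dedicated uid stands in for "the browser".
    "$IPT" -A WEB_EGRESS -m owner --uid-owner "$BROWSER_UID" -j ACCEPT
    # Anything else reaching port 80 is the case the question worries
    # about; rate-limited log, then drop.
    "$IPT" -A WEB_EGRESS -m limit --limit 5/min -j LOG \
        --log-prefix "port80-not-browser: "
    "$IPT" -A WEB_EGRESS -j DROP
}

# Apply only when explicitly asked, so sourcing the file is side-effect free.
[ "${1:-}" = "apply" ] && web_egress_rules
```

The match only identifies the uid, so a trojan running as that same user still passes; that is the gap the RSBAC/SELinux suggestion above closes by deciding at the application level.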
