Re: Writing rules based on program emitting/receiving packet
On Monday 09 February 2004 20:58, Marc Demlenne wrote:
> Hi all,
> Is it possible, using iptables, to write a rule that matches a
> packet depending on the program (or pid) which emitted it or is
> supposed to receive it?
> For example, I can block all traffic from my box to the outside
> world except that which is destined for port 80, allowing
> HTTP traffic. But a trojan could still communicate with the
> outside if it communicates with port 80 of another box.
> Is it possible to limit the traffic a bit more, to only the packets
> which are emitted from a web browser (say Mozilla) and to
> dest-port 80?
> Would it be a good way to protect a box ?
If you want to be more specific, you could take a look at
http://www.rsbac.org and/or http://www.adamantix.org -
using the (kernel-based) RSBAC access control framework it is
possible to deny/allow network/port access at application level
(in addition to your iptables rules).
It's not very easy to set up, but you'll get addicted to it soon, I
A similar approach is taken by SELinux AFAIK, but I prefer RSBAC B-)
Dipl.-Ing. Klaus Holler <gmx.at after kho@>
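An added example, not code from the thread above, from RSBAC or from the iptables project, of how far plain iptables gets you towards the question's goal. It builds two iptables-restore rulesets: the "anything may use port 80" egress policy from the question, and a tightened one that uses the iptables owner match (-m owner --uid-owner) so that NEW tcp/80 (and udp/53) connections are accepted only for the socket owner's uid. It assumes a hypothetical dedicated account for the browser whose numeric uid is passed on the command line, a kernel with the owner and state matches, and that the OUTPUT chain is the place where local processes' packets are seen. The caveat is in the code comments: the owner match keys on the uid of the socket, not on the program, so a trojan running under the same account is still let through; that is the gap the kernel-level frameworks named in the reply are meant to close.

```shell
#!/bin/sh
# Added example, not code from the original thread or from RSBAC/iptables.
# Emits an iptables-restore ruleset for the policy from the question:
# default-deny egress, with tcp/80 allowed only for the browser's own uid.
# Assumptions (hypothetical): the browser runs under a dedicated account
# whose numeric uid is passed as an argument, and the kernel has the
# iptables "owner" match (-m owner --uid-owner) and "state" match.

# Variant as described in the question: any process may open tcp/80.
weak_egress_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Tightened variant: a NEW tcp/80 (and udp/53) connection is accepted only
# when the local socket is owned by the browser's uid. Every other new
# outbound connection is logged and then dropped by the OUTPUT policy.
# The match keys on the uid of the socket, not on the executable, so a
# trojan running under the same account is still allowed through.
owner_egress_rules() {
    uid="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp --dport 53 -m state --state NEW -m owner --uid-owner $uid -j ACCEPT
-A OUTPUT -p tcp --dport 80 -m state --state NEW -m owner --uid-owner $uid -j ACCEPT
-A OUTPUT -m state --state NEW -j LOG --log-prefix "egress-drop: "
COMMIT
EOF
}

# Returns 0 when a ruleset grants tcp/80 to every uid (the weakness the
# question describes), 1 when every tcp/80 rule is tied to an owner match.
grants_port80_to_all() {
    "$@" | grep -- '--dport 80' | grep -q -v -- '--uid-owner'
}

# Usage:  sh egress.sh weak                         | iptables-restore
#         sh egress.sh owner "$(id -u browser)"     | iptables-restore
case "${1:-}" in
    weak)  weak_egress_rules ;;
    owner) owner_egress_rules "${2:?numeric uid of the browser account}" ;;
esac
```

Run the browser under its own account (su to it, or a dedicated desktop session) and everything that account opens to port 80 is matched; anything else on the box that tries a new outbound connection shows up in the kernel log with the "egress-drop:" prefix. Nothing here identifies the program: a process that manages to run as the browser uid, or to inject into the browser, inherits the permission. Older 2.4-era iptables also offered --pid-owner and --cmd-owner on the same match, but a process name is trivially chosen by the attacker and those options were later removed from the kernel, which is why per-program policy is a job for a kernel access-control framework such as the ones the reply mentions.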