
Re: application level firewalling in linux?(was:ipchains...masq..spyware)




On Sun, 30 Dec 2001, wsa wrote:

> Hi,
>
> Maybe in my original mail I wasn't very clear judging from the
> responses I got...so I'll try one more time.
>
> I wasn't asking what to do in Windows...although I did mention
> Windows which probably made everyone run for the hills:)
>
> My question was about Linux and how to accomplish security
> on application level, like what happens in Windows with a personal
> firewall.
> Because I don't understand how I can achieve full security when opening
> ports...like port 80 for the web or 110 and so on.
> Cause as far as I can understand reading all the IPchains documentation
> if I open that port in Linux it will be open for any application which
> uses that port....and I can't specify that only Mozilla or Netscape
> can use that port and any other app can use that port to transfer
> information.
>
> And if there is no need for security on application level why is that?

Well, if you think that Windows can block ports based on the name of an
application, you are fooling yourself.  It was recently shown on bugtraq
that *any* application can bypass popular personal firewalls simply by
reaching down a little lower into the networking stack.  Linux at least
doesn't have this problem: no application can bypass iptables unless it
runs as root.

Iptables has the ability to block or allow outgoing traffic (OUTPUT table)
based on process or session id.  Thus, you could block all outgoing
traffic on port 80, but allow port 80 traffic from Mozilla.  You could
achieve this using a script to start Mozilla.  The script would start
mozilla, add an iptables rule, and when Mozilla exits, remove the rule
again.

Your larger question seems to be: How can I run software I don't trust and
prevent it from talking on the network?  The answer is you can't, really.
The best policy is to only run software for which the source code is
available.  Spyware and open source don't mix very well.

-jwb
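
The wrapper script the reply describes (open the port for one program, close it when the program exits), as an added example that is not part of the original message. Modern kernels keep only uid/gid matching in the iptables owner match (the pid/sid variants were dropped long ago), so it assumes the browser runs as a dedicated unprivileged account named webuser, that the baseline REJECT is installed once at boot, and that the wrapper itself runs as root; the program to launch is passed as arguments.

```shell
#!/bin/sh
# Added example, not from the original message.  Assumes: a modern iptables
# (only --uid-owner / --gid-owner remain in the owner match), a dedicated
# unprivileged user APP_USER that the browser runs as, and root to edit rules.

IPTABLES="${IPTABLES:-iptables}"   # set IPTABLES=echo for a dry run
APP_USER="${APP_USER:-webuser}"    # assumed account name
PORTS="80,443"

# Installed once (e.g. at boot), outside the wrapper: nothing may reach
# outbound web ports unless a more specific ACCEPT is inserted above it.
baseline_rule() {
    $IPTABLES -A OUTPUT -p tcp -m multiport --dports "$PORTS" -j REJECT --reject-with tcp-reset
}

# One definition of the exception so add and delete match exactly.
owner_rule() {
    printf '%s' "OUTPUT -p tcp -m multiport --dports $PORTS -m owner --uid-owner $APP_USER -j ACCEPT"
}
add_rule()    { $IPTABLES -I $(owner_rule); }   # -I: placed ahead of the REJECT
remove_rule() { $IPTABLES -D $(owner_rule); }   # -D: the identical rule, removed

# Drop privileges to the browser's account before exec'ing it.
run_as_user() {
    su -s /bin/sh -c "exec $*" "$APP_USER"
}

# Open the hole, run the program, close the hole on every exit path.
run_wrapped() {
    add_rule || return 1
    trap 'remove_rule; exit 130' INT TERM   # interrupted wrapper still cleans up
    run_as_user "$@"
    status=$?
    trap - INT TERM
    remove_rule
    return $status
}

# Usage: sudo ./webwrap.sh mozilla   (script name assumed)
if [ "$#" -gt 0 ]; then
    run_wrapped "$@"
fi
```

The exception is keyed to the uid, so any other process the same user starts while the browser is running also gets port 80/443; keep the account dedicated to the one program.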
