
Re: full control of connections



>     * From: frits <frits7@vulkor.net>
>allowed to include the applications in the firewall rules.

man iptables in etch still shows

   owner
       This  module attempts to match various characteristics of the packet creator, for locally-
       generated packets. 

besides,

   grep -i owner /boot/config-2.6.*
/boot/config-2.6.18-nn:CONFIG_IP_NF_MATCH_OWNER=m
/boot/config-2.6.18-nn:CONFIG_IP6_NF_MATCH_OWNER=m
/boot/config-2.6.8-3-powerpc:CONFIG_IP_NF_MATCH_OWNER=m

so both sarge and etch should work with this (however, I do not use it)

>You might wonder why. Application running on wine should never connect
>anywhere,

for using untrusted applications it might be a good idea to use a
_specific_ user. For example, I have a specific user for e-mail, a
specific user for www, a specific user for ssh, all with a private group
and umask which permits the group to read and no one else to write; each of
these users is only in its private group. My "regular" user which I use
to manipulate my locally created files (.tex .ly .denemo .mid .wav ...)
is on the contrary in special groups (audio, ...) and in the private
groups of the above users.
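
The two suggestions in the message above (the iptables owner match and a dedicated user per application) combine as follows. This is an added example, not part of the original post: the account name "winebox" and the function name are hypothetical, and the script only prints the rules so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: emit (do not apply) rules that log and reject every
# outbound packet created by one dedicated account, via the owner match.
# Assumption: "winebox" is a hypothetical account used only for Wine.

owner_block_rules() {
    user=$1
    # Accept only conservative account names so the value can be
    # embedded in a command line without quoting surprises.
    case $user in
        ''|*[!a-z0-9_-]*)
            echo "invalid user name: $user" >&2
            return 1 ;;
    esac
    # Cover IPv4 and IPv6; a rule for one family does not affect the other.
    for ipt in iptables ip6tables; do
        # The owner match only works for locally generated packets,
        # so the rules belong in the OUTPUT chain.
        # Rate-limited LOG first, so connection attempts stay visible.
        echo "$ipt -A OUTPUT -m owner --uid-owner $user -m limit --limit 6/min -j LOG --log-prefix \"owner-block: \""
        # REJECT makes the application fail at once instead of timing out.
        echo "$ipt -A OUTPUT -m owner --uid-owner $user -j REJECT"
    done
}

# Print the rules for the hypothetical account.
owner_block_rules winebox
```

The rules also cover TCP/UDP over the loopback interface; Unix-domain sockets are not packets and are not affected.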

