Re: Introductory reading on firewall/iptables/etc for new Debian user?



On Tue, Apr 23, 2013 at 09:28:17AM -0500, Richard Owlett wrote:
> I will be using email, Usenet, browser and occasionally file
> downloading.
> Nothing on my system should look/act like a server.
> I want all programs to access the internet after explicitly asking
> for permission.
> The response to the request may be:
>    No
>    Always YES
>    Ask each occurrence

Programs don't generally ask for permissions; they assume that
they are connected, and report failures when they can't make
connections.

I suppose that you could write a wrapper script for every
program, so that if you invoke it through the wrapper you have
opened the necessary ports, and if you invoke the program
without the wrapper the connections are dropped. However, while
the wrapper is being run, any copy of the program could have
the same permissions.

On Android systems, this issue is slightly addressed (though not
in the manner you want) by having a new user added for every
program, and running each program under that user-id. Since
iptables can look at effective user-id when making packet
accept/drop decisions, you can do per-program firewalls that
way.

By the way, you have an unusually brusque way of stating
conditions rather than asking questions, which comes across as
slightly rude.

-dsr-
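The per-user firewall dsr describes for Android (one Unix user per program, with iptables deciding on the packet's owning UID) can be done on a Debian desktop with the `owner` match module. The script below is an added example, not code from the list post or from any project mentioned in it: the user name `netapp`, the `APP_<USER>` chain naming and the port list are assumptions for the demo. It is a dry run by default and only prints the `iptables` commands; run it as root with `APPLY=1` to install them. The program is then started as that user (for example `sudo -u netapp firefox`), which is the "wrapper" role from the post, except that copies started by any other user get no access through this chain.

```shell
#!/bin/sh
# Added example: per-program egress control via a dedicated Unix user and the
# iptables "owner" match (IPv4 only; ip6tables would need the same rules).
# Dry run by default; set APPLY=1 and run as root to really change the rules.

# run ARGS... -> either execute iptables or print the command that would run.
run() {
    if [ -n "${APPLY:-}" ]; then
        iptables "$@"
    else
        printf 'iptables %s\n' "$*"
    fi
}

# chain_for USER -> chain name used for that user's traffic (assumed scheme).
chain_for() {
    printf 'APP_%s\n' "$(printf '%s' "$1" | tr 'a-z' 'A-Z')"
}

# emit_user_rules USER PORT... -> every packet generated by processes running
# as USER is sent to its own chain, which permits loopback, replies to
# existing connections, DNS, and new TCP connections to the listed ports.
# Everything else from that UID is logged (rate limited) and rejected.
# Processes running as other users are not affected by these rules.
emit_user_rules() {
    user="$1"; shift
    chain="$(chain_for "$user")"
    run -N "$chain"
    run -A OUTPUT -m owner --uid-owner "$user" -j "$chain"
    run -A "$chain" -o lo -j ACCEPT
    run -A "$chain" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run -A "$chain" -p udp --dport 53 -j ACCEPT
    for port in "$@"; do
        run -A "$chain" -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
    # Unexpected connection attempts show up in the kernel log with this prefix.
    run -A "$chain" -m limit --limit 5/min -j LOG --log-prefix "$chain REJECT: "
    run -A "$chain" -j REJECT --reject-with icmp-port-unreachable
}

# remove_user_rules USER -> unhook, flush and delete the same chain again.
remove_user_rules() {
    chain="$(chain_for "$1")"
    run -D OUTPUT -m owner --uid-owner "$1" -j "$chain"
    run -F "$chain"
    run -X "$chain"
}

# count_rules USER PORT... -> number of iptables commands a dry run produces
# (handy for checking the generated rule set before applying it).
count_rules() {
    ( APPLY=""; emit_user_rules "$@" ) | wc -l | tr -d ' '
}

# Demo: a browser/mail user allowed HTTP, HTTPS and IMAPS only.
# (Create the account first, e.g. "adduser --system --group netapp".)
emit_user_rules netapp 80 443 993
```

Watch `journalctl -k` (or `/var/log/kern.log`) for lines carrying the `APP_NETAPP REJECT:` prefix to see which destinations the program tried to reach that the allow list did not cover; that log is the nearest thing to the "ask each occurrence" prompt the original question asked for.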
