Hi Marc,

On Monday 09 February 2004 20:58, Marc Demlenne wrote:
> Hi all,
>
> Is it possible, using iptables, to write a rule that matches a
> packet depending on the program (or pid) which emitted it or is
> supposed to receive it?
>
> For example, I can block all traffic from my box to the outside
> world except that which is destined for port 80, allowing
> HTTP traffic. But a trojan could still communicate with the
> outside if it communicates with port 80 of another box.
>
> Is it possible to limit the traffic a bit more, to only the packets
> which are emitted from a web browser (say mozilla) and to
> dest-port 80?
>
> Would it be a good way to protect a box?
If you want to be more specific, you could take a look at http://www.rsbac.org and/or http://www.adamantix.org - using the (kernel based) RSBAC access control framework it is possible to deny/allow network/port access on application level (in addition to your iptables rules). It's not very easy to set up, but you'll get addicted to it soon, I promise ;-)

A similar approach is taken by SELinux AFAIK, but I prefer RSBAC B-)

Regards,
Klaus

--
Dipl.-Ing. Klaus Holler <gmx.at after kho@>

