On 02/28/2018 04:47 PM, Grant Taylor wrote:
I know that iptables can filter based on a process owner and cgroup. So, depending on how the applications are running, you might be able to come close to what you're after.

You might be able to punt (metadata about) packets into a user space program that can then make decisions based on additional information. I.e. what process owns the originating / terminating socket, and ACCEPT / DROP / REJECT packets based on that.

I've never heard of such, but I see how it could work. E.g. DROP / REJECT packets by default, and ACCEPT any packets that have a paternal process tied to the /usr/bin/thunderbird file.



--
Grant. . . .
unix || die
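
The user-space decision described in the message above, as an added example (not code from the original post): it resolves an IPv4 TCP connection to its socket inode through /proc/net/tcp, finds which executables hold that socket open, and returns ACCEPT or DROP. The function names, the allow-list and the use of /proc for the lookup are assumptions made for illustration; handing packets to the program and applying the verdict are not shown.

```python
import os, re, socket, struct

ALLOWED_EXES = {"/usr/bin/thunderbird"}  # path taken from the message above

def _addr(hexpair):
    """Decode 'HEXIP:HEXPORT' as used in /proc/net/tcp (IPv4, little-endian IP)."""
    ip, port = hexpair.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip, 16))), int(port, 16)

def socket_table(proc_root="/proc"):
    """Map (local, remote) endpoint pairs to socket inodes, read from net/tcp."""
    table = {}
    with open(os.path.join(proc_root, "net", "tcp")) as fh:
        next(fh)  # skip the header row
        for line in fh:
            f = line.split()
            table[(_addr(f[1]), _addr(f[2]))] = int(f[9])  # field 9 is the inode
    return table

def inode_owners(proc_root="/proc"):
    """Map socket inode -> set of executable paths that hold it open."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, pid)
        try:
            exe = os.readlink(os.path.join(base, "exe"))
            fds = os.listdir(os.path.join(base, "fd"))
        except OSError:  # process exited, or we lack permission to inspect it
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(base, "fd", fd))
            except OSError:
                continue
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m:
                owners.setdefault(int(m.group(1)), set()).add(exe)
    return owners

def verdict(local, remote, proc_root="/proc"):
    """Default DROP; ACCEPT only if every holder of the socket is allowed."""
    inode = socket_table(proc_root).get((local, remote))
    exes = inode_owners(proc_root).get(inode, set())
    return "ACCEPT" if exes and exes <= ALLOWED_EXES else "DROP"
```

The lookup is racy (the socket can close or change hands between the packet and the /proc walk), and a matching path says only which file was executed, not what code the process is running now.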
