On Jan 23, 2008 9:23 AM, Jason Edwards <[EMAIL PROTECTED]> wrote:
> Sorry, I assumed Chris would be looking for a graphical tool to manage
> his firewall policies. If you can handle it, iptables on the command
> line is absolutely the way to go.
>
> But for somebody coming from Windows, using Comodo (a GUI), I think
> opening a terminal and typing an iptables command may be a little
> intimidating. If you just want really basic rules, and don't know
> iptables, Firestarter would be a good way to go.
I am very familiar with writing iptables firewalls by hand. This isn't really what I'm looking for, though. I am looking for something specifically that could limit on a per-application basis, which I feel is a very powerful security feature. This is very useful in the situation where a non-root account gets violated. The intruder would attempt to launch some custom-made ssh brute-force script, or add your machine into an IRC botnet. It would be great if the network connection attempt were denied and logged to a file. The root user would review that file and have the ability to allow (or deny) that application permission to have network access.

Most (not all) iptables firewalls are configured with the OUTPUT chain defaulting to ACCEPT. I guess what I'm getting at is that it would be nice if you could set that OUTPUT chain to DENY by default, but log and allow outbound access on a per-application basis. Currently, if I open outbound port 80, then any software, trusted or malicious, could use that hole.

It seems SELinux may solve the second part of my question: limiting what the executables can do on the file system.

--Chris

/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
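The default-deny OUTPUT policy described above can be approximated with stock iptables: the `owner` match filters by the uid that opened the socket, so running the trusted application under its own unix account stands in for "per application", and the LOG target's `--log-uid` records which uid tried and was refused. This is an added example, not a script from the thread; it assumes a hypothetical dedicated uid 1001 and allowed ports 80 and 443, and only prints the rules unless run with the argument `apply`.

```shell
#!/bin/sh
# Added example: OUTPUT chain denies new outbound connections by default,
# allows them only for one unix user (a stand-in for one application), and
# logs everything else with the owning uid so root can review the log later.
# Dry run by default (prints the commands); run as "sh policy.sh apply" to
# actually load them. Assumed values: uid 1001, allowed TCP ports 80 and 443.
set -eu

# render_output_policy UID "PORT ..."
# Emits one iptables command per line; $IPT decides whether the commands are
# printed ("echo iptables") or executed ("iptables").
render_output_policy() {
    uid="$1"; ports="$2"
    $IPT -F OUTPUT                                   # start from an empty chain
    $IPT -A OUTPUT -o lo -j ACCEPT                   # loopback traffic
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -p udp --dport 53 -j ACCEPT       # DNS for everyone
    for p in $ports; do
        # only sockets owned by $uid may open new TCP connections to port $p
        $IPT -A OUTPUT -p tcp --dport "$p" -m owner --uid-owner "$uid" \
            -m state --state NEW -j ACCEPT
    done
    # any other new connection: log it (rate limited, with UID=/GID= fields
    # in the kernel log line), then drop it
    $IPT -A OUTPUT -m state --state NEW -m limit --limit 10/min \
        -j LOG --log-prefix "OUTPUT-DENIED: " --log-uid
    $IPT -A OUTPUT -j DROP
    $IPT -P OUTPUT DROP                              # policy last, so an SSH
                                                     # session survives reload
}

if [ "${1:-}" = "apply" ]; then
    IPT=iptables
else
    IPT="echo iptables"
fi
render_output_policy 1001 "80 443"
```

Denied attempts then show up in the kernel log (dmesg or /var/log/messages) as lines prefixed `OUTPUT-DENIED:` carrying `UID=` and `DPT=` fields, which is the file root reviews before adding another `--uid-owner` allow rule.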
