Writing rules based on program emitting/receiving paquet

To: debian-firewall@lists.debian.org
Subject: Writing rules based on program emitting/receiving paquet
From: Marc Demlenne <m.demlenne@skynet.be>
Date: Mon, 9 Feb 2004 20:58:13 +0100
Message-id: <[🔎] 20040209195813.GC23808@marcelle.homelinux.org>
Mail-followup-to: debian-firewall@lists.debian.org
Reply-to: m.demlenne@skynet.be

Hi all, 

Is it possible, using iptables, to write a rule that match a paquet
depending on the program (or pid) which emitted it or is supposed to
receive it ? 

For example, i can block all traffic from my box to the outside world
except that which is in destination of port 80, allowing HTTP traffic.
But a trojan could still communicate with the outside if it communicates
with the port 80 of another box. 

Is it possible to limit a bit more the traffic to the only paquet which
are emitted from a web browser (say mozilla) and to dest-port 80 ? 

Would it be a good way to protect a box ? 

Thanks for all of your ideas. 

-- 
Marc Demlenne 
GPG : 768FA483 (www.keyserver.be)

Reply to:

Follow-Ups:
- Re: Writing rules based on program emitting/receiving paquet
  - From: Mike Mestnik <cheako911@yahoo.com>
- Re: Writing rules based on program emitting/receiving paquet
  - From: Klaus Holler <kho@gmx.at>

Prev by Date: Re: cleaning up my firewall script...
Next by Date: Re: cleaning up my firewall script...
Previous by thread: Re: cleaning up my firewall script...
Next by thread: Re: Writing rules based on program emitting/receiving paquet
Index(es):
- Date
- Thread