Re: Per application TCP/IP traffic filtering in Linux (sort of personal firewall)

From: aborka (aborka@hotmail.com)
Date: 04/28/02


From: aborka@hotmail.com (aborka)
Date: 27 Apr 2002 23:43:09 -0700

Ian Jones <roux@speakeasy.org> wrote in message news:<m3lmb8ekzn.fsf@mobile.lan>...
>
> aborka@hotmail.com (aborka) writes:
>
> >> > Maybe I used the wrong terms. But the task is still the same.
> >> > So, let's say for example I do not want to enable Evolution to connect
> >> > to any remote machine on port 80, but I want Mozilla to be able to do
> >> > it.
> [...]
> > But to answer your question ... because for example I do not want
> > anybody to know about, make statistics, track, or do anything without
> > my knowledge if I open a damn HTML email with my email client (and
> > don't tell me to use PINE please).
>
> iptables -P OUTPUT DROP
> iptables -I OUTPUT \
> -p tcp \
> --dport 80 \
> -m state --state NEW \
> -m owner --cmd-owner mozilla \
> -m owner --uid-owner UIDofYOU \
> -j ACCEPT
>
> ...or you could use pine :)
>
> Tim, it looks like it is still a pending patch, but it is all ifdefs
> in the source so it appears as though it will be official soon.
>

Now this is what I am talking about. I hope this --cmd-owner will be
there soon. It is not on the man pages yet for version 1.2.5. As soon
as it officially appears in the distros I am sure the "GUI personal
firewall programs" will start using it. :)

I did check their change log on the website
(http://www.netfilter.org/files/changes-iptables-1.2.6a.txt) and it
seems they just included this in the latest 1.2.6 version released on
March 14 2002. The current latest release is 1.2.6a.
I have the latest Mandrake 8.2 which comes with iptables 1.2.5
(released Jan 11 2002) only.

Thanks for the help Ian.
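The rule set Ian posted, filled out into a small script as an added example (not code from the thread). It assumes an iptables with the owner match available, a user id of 1000 standing in for "UIDofYOU", and the helper names owner_rules, run and APPLY, which are my own; by default it only prints the commands, and it adds the established/related, loopback and DNS rules that a bare "-P OUTPUT DROP" plus a "--state NEW" rule would otherwise be missing.

```shell
#!/bin/sh
# Per-user, per-command egress rules using the iptables owner match.
# Default mode only prints the rules; set APPLY=1 to execute them (needs root).
# owner_rules, run, APPLY and the uid 1000 are assumed names/values for this example.

run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# owner_rules CMD UID PORT
# Lets only processes named CMD and owned by UID open new TCP connections
# to PORT, while keeping flows that are already open working.
owner_rules() {
    cmd=$1; uid=$2; port=$3
    # Drop everything leaving the host unless a rule below allows it.
    run iptables -P OUTPUT DROP
    # Loopback must stay open or local services (X, local resolvers) break.
    run iptables -A OUTPUT -o lo -j ACCEPT
    # "--state NEW" matches only the first packet of a connection, so without
    # this rule the later segments of a Mozilla connection would hit the
    # DROP policy and the connection would stall.
    run iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Name resolution for that user; otherwise no host name can be looked up.
    run iptables -A OUTPUT -p udp --dport 53 -m owner --uid-owner "$uid" -j ACCEPT
    # The per-application rule from the thread. --cmd-owner compares only the
    # process name, which a program can set for itself, so --uid-owner is the
    # part that actually restricts who may connect.
    run iptables -A OUTPUT -p tcp --dport "$port" -m state --state NEW \
        -m owner --cmd-owner "$cmd" --uid-owner "$uid" -j ACCEPT
}

# Demonstration on the thread's example (uid 1000 is a constructed value).
owner_rules mozilla 1000 80
```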
