_Max_ Apprentice
Joined: 03 Mar 2003 Posts: 264 Location: London, UK
Posted: Wed Sep 10, 2003 10:37 am Post subject: a firewall that filters by process name?
Hi,
I was wondering whether there is a firewall application that filters according to process name? In particular, I was wondering whether there is something out there that allows you to temporarily open up e.g. an ftp port for your ftp client when you are downloading stuff. Preferably, the firewall application would prompt you and ask "would you like this program to connect to this IP number over this port" or something similar?
I saw that maybe you could set up something with iptables and the `owner' match extension, but I wouldn't trust myself to come up with something sensible, and am thinking that someone out there must have already done this. I don't want to reinvent the wheel...
cvk Guru
Joined: 06 Jan 2003 Posts: 314 Location: Our house, in the middle of our street
Posted: Wed Sep 10, 2003 10:45 am Post subject:
I was searching for exactly the same thing this morning. FieryFilter might be able to do this, but it's "a pre-alpha version, it will probably format your harddisk. Consider it a 'preview version'." I haven't tried it after reading this warning, though.
Regards,
Chris
_________________
Adopt an unanswered post now.
sschlueter Guru
Joined: 26 Jul 2002 Posts: 578 Location: Dortmund, Germany
Posted: Wed Sep 10, 2003 2:02 pm Post subject: Re: a firewall that filters by process name?
_Max_ wrote:
> I was wondering whether there is a firewall application that filters according to process name?

You need sys-apps/systrace for this. Special kernel support is required for systrace and is included in sys-kernel/gentoo-sources, for instance.

_Max_ wrote:
> In particular, I was wondering whether there is something out there that allows you to temporarily open up e.g. an ftp port for your ftp client when you are downloading stuff.

You don't need systrace for regular applications that you trust and when everything goes well. It's just useful for software that is considered untrusted, or as an extra security measure in case your system has been compromised.

_Max_ wrote:
> Preferably, the firewall application would prompt you and ask "would you like this program to connect to this IP number over this port" or something similar?

There is a GUI for systrace: sys-apps/gtk-systrace.

_Max_ wrote:
> I saw that maybe you could set up something with iptables and the `owner' match extension, but I wouldn't trust myself to come up with something sensible, and am thinking that someone out there must have already done this. I don't want to reinvent the wheel...

Yes, the owner match module with the --cmd-owner <name> option can also be used, but it only works in the OUTPUT chain.
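As an added example (not code from the thread or from any poster), here is the OUTPUT-chain ruleset sschlueter describes, written as a dry-run shell script: outbound traffic is default-deny and only the ftp client may open new connections. It assumes the client runs under a dedicated user `ftpuser` (an assumed name), because the --cmd-owner option was removed from the kernel's owner match in 2.6.14 and current kernels only match on uid/gid; an optional third argument keeps the historical --cmd-owner form for old kernels.

```shell
#!/bin/sh
# Added example, not from the thread: a per-program outbound policy built on
# the iptables owner match. The OUTPUT chain is the only place the match works,
# which is exactly what a "personal firewall" on the same host needs.
# Dry-run by default: rules are printed, not applied, unless IPTABLES=iptables.

IPTABLES="${IPTABLES:-echo iptables}"

# build_rules <user> <port> [cmd-name]: print one iptables rule per line.
# Already-open connections stay up (ESTABLISHED); only NEW ones are gated.
# DNS and anything else the host must reach outbound needs its own ACCEPT.
build_rules() {
    user="$1"; port="$2"; cmd="${3:-}"
    if [ -n "$cmd" ]; then
        owner="-m owner --cmd-owner $cmd"     # pre-2.6.14 kernels only
    else
        owner="-m owner --uid-owner $user"    # assumed dedicated uid
    fi
    cat <<EOF
-F OUTPUT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp --dport $port $owner -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -m conntrack --ctstate NEW -j LOG --log-prefix OUTPUT-DENIED:
-P OUTPUT DROP
EOF
}

# Number of permitting rules, a quick sanity check before applying.
count_accept_rules() {
    build_rules "$@" | grep -c -- '-j ACCEPT'
}

# Feed each printed rule to $IPTABLES (word-split on purpose).
apply_rules() {
    build_rules "$@" | while IFS= read -r rule; do
        # shellcheck disable=SC2086
        $IPTABLES $rule || return 1
    done
}

if [ "${1:-}" = "apply" ]; then
    apply_rules "${2:-ftpuser}" "${3:-21}"
fi
```

Run `sh rules.sh apply` as root with IPTABLES=iptables to apply; load nf_conntrack_ftp first so passive-mode data connections count as RELATED. Denied connection attempts show up in the kernel log with the OUTPUT-DENIED: prefix, which is the place to look when a program unexpectedly loses network access.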
indros Tux's lil' helper
Joined: 27 Sep 2002 Posts: 139
Posted: Wed Sep 10, 2003 2:47 pm Post subject:
This may be obvious to some, but this would only work for processes originating at the firewall, not clients behind it (under the assumption it is NAT'ing).
_Max_ Apprentice
Joined: 03 Mar 2003 Posts: 264 Location: London, UK
Posted: Wed Sep 10, 2003 3:02 pm Post subject:
Thanks everyone. I think I am not brave enough to try FieryFilter right now, as I can't afford to format my hard disk. systrace sounds promising, but isn't there something a little bit more mature out there as well?
Indros: I was actually thinking of something like a "personal firewall", so in my case the processes that I want to give or deny access to would run on the same machine as the firewall.