| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 19 Sep 2012 13:50:39 -0700 From: John Fastabend <john.r.fastabend@...el.com> To: Chad Gray <chad938@...mail.com> CC: Ben Hutchings <bhutchings@...arflare.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org> Subject: Re: Netfilter lacks ability to filter packets via Application-origin On 9/19/2012 1:24 PM, Ben Hutchings wrote: > On Wed, 2012-09-19 at 15:40 -0400, Chad Gray wrote: >> Users need the ability for Linux firewall to filter packets based on what >> Application they are originating from. This ability is present in Mac and >> Windows firewalls, but not Linux. >> >> For example, users would like ability to open Port 80 for Firefox, but keep >> Port 80 closed for other applications. >> >> This ability enhances Privacy & Security of the user but also helps to better >> inform the user about the comings and goings of internet traffic and what >> application/s are causing the traffic. > > Most of the Linux Security Modules seem to support this sort of network > policy. > > Ben. > Another approach might be to use the net_cls cgroups and set the classid matching against it with tc or netfilters. .John -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists