Nagatoro wrote:
> Matt Randolph wrote:
> 
>> I've seen related threads here recently, but I think my question is
>> different enough to warrant a new thread.
>>
>> I'm looking for a personal firewall along the lines of the ZoneAlarm
>> product for Windows.  I don't want to take the time to teach myself 
> 
> 
> Not an answer but a follow up question: Is there a firewall for Linux
> that can do application level filtering (probably wrong terms but...),

Please anybody, correct me if I'm wrong, but afaik, this assumption that
there are multiple firewall programs in the first place is incorrect.

There is one. IPtables. All right, two, if you count IPchains, which
IPtables replaced.

> that is is there a program that can block foo from web access but allow
> it to imap and at the same time allow bar web access? (like most Win*
> firewalls can)

It's all about the ruleset. In this case, it looks like this option is
involved:

  owner
       This module attempts to match various characteristics of the
       packet creator, for locally-generated packets.  It is only valid in
       the OUTPUT chain, and even this some packets (such as ICMP ping
       responses) may have no owner, and hence never match.

       --uid-owner userid
              Matches if the packet was created by a process with the
              given effective user id.

       --gid-owner groupid
              Matches if the packet was created by a process with the
              given effective group id.

       --pid-owner processid
              Matches if the packet was created by a process with the
              given process id.

       --sid-owner sessionid
              Matches if the packet was created by a process in the
              given session group.

       --cmd-owner name
              Matches if the packet was created by a process with the
              given command name.  (this option is present only if
              iptables was compiled under a kernel supporting this
              feature)


Obviously, one would have to read more of man iptables than I did, or
get a GUI front end that handles this more 'intuitively' to actually
write the appropriate rule, but clearly it is possible.

Hope this helps,
Holly

-- 
gentoo-user@gentoo.org mailing list

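Added example (not code from anyone in this thread): the OUTPUT ruleset that the owner match makes possible for Nagatoro's question, with "foo" allowed IMAP but not web and "bar" allowed web. It assumes each application runs under a dedicated account of the same name (hypothetical accounts foo and bar) and uses 80/443 for web and 143/993 for IMAP. By default it only prints the iptables commands so the policy can be reviewed; DRY_RUN=0 executes them, which needs root.

```shell
#!/bin/sh
# Per-application egress policy with the iptables owner match.
# Assumptions (not from the thread): application accounts "foo" and "bar"
# exist, web = TCP 80/443, IMAP = TCP 143/993.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 runs them as root.

IPT=${IPT:-iptables}
: "${DRY_RUN:=1}"

# run ARGS... : print or execute one iptables command
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s %s\n' "$IPT" "$*"
    else
        "$IPT" "$@"
    fi
}

# tcp_rule USER TARGET PORT... : one rule per port, matched on the
# effective uid of the creating process (owner match only works in OUTPUT)
tcp_rule() {
    user=$1; target=$2; shift 2
    for port in "$@"; do
        run -A OUTPUT -m owner --uid-owner "$user" -p tcp --dport "$port" -j "$target"
    done
}

# log_rule USER PORT... : log attempts that the next rule will reject, so
# blocked traffic shows up in the kernel log instead of failing silently
log_rule() {
    user=$1; shift
    for port in "$@"; do
        run -A OUTPUT -m owner --uid-owner "$user" -p tcp --dport "$port" \
            -j LOG --log-prefix "owner-reject-$user:"
    done
}

# build_ruleset : emit the whole policy. Order matters: iptables stops at
# the first matching rule in a chain, so foo's IMAP allow must come before
# its web reject.
build_ruleset() {
    # replies belonging to connections that were already accepted
    run -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # foo: IMAP yes, web no (logged, then rejected)
    tcp_rule foo ACCEPT 143 993
    log_rule foo 80 443
    tcp_rule foo REJECT 80 443
    # bar: web yes
    tcp_rule bar ACCEPT 80 443
}

build_ruleset
```

The match is on the effective uid, so the scheme only holds if each application really runs under its own account (su or sudo -u to that user); anything running as root or via a setuid binary is not caught by a rule written for "foo". Of the options in the man page excerpt, --uid-owner and --gid-owner are the ones to rely on: --pid-owner, --sid-owner and --cmd-owner were later dropped from the kernel's owner match. The LOG rule before each REJECT is what turns the policy into something you can audit; add -m limit in front of it if a noisy program would otherwise flood the log.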