Re: Block network access completely for certain programs

2023-07-04 Thread Zack Newman

On 7/4/23 10:16, Kapetanakis Giannis wrote:

pf.conf(5) has an option for user

    user user
        This rule only applies to packets of sockets owned by the
        specified user.  For outgoing connections initiated from the
        firewall, this is the user that opened the connection.  For
        incoming connections to the firewall itself, this is the user
        that listens on the destination port.
...


TIL. Very cool. I like to think I am resistant to fanboyism, but pf
challenges that.



Re: Block network access completely for certain programs

2023-07-04 Thread Kapetanakis Giannis

On 04/07/2023 16:08, r...@danwin1210.de wrote:

How do I block the network access completely for a certain program with a
blacklist or whitelist, whitelist preferred, with OpenBSD's pf(4)? My pdf
reader, music player, video player, vim and much more shouldn't have access
to networking at all. I remember it being possible with the Windows
firewall program to choose a certain program to be completely
networking-less. Is this possible with OpenBSD too? I couldn't find
anything in the man pages or in the FAQ regarding this issue.


pf.conf(5) has an option for user

    user user
        This rule only applies to packets of sockets owned by the
        specified user.  For outgoing connections initiated from the
        firewall, this is the user that opened the connection.  For
        incoming connections to the firewall itself, this is the user
        that listens on the destination port.
...


G



Re: Block network access completely for certain programs

2023-07-04 Thread prx
You may use a different rdomain?

On 4 July 2023 15:08:35 GMT+02:00, r...@danwin1210.de wrote:
>How do I block the network access completely for a certain program with a
>blacklist or whitelist, whitelist preferred, with OpenBSD's pf(4)? My pdf
>reader, music player, video player, vim and much more shouldn't have access
>to networking at all. I remember it being possible with the Windows
>firewall program to choose a certain program to be completely
>networking-less. Is this possible with OpenBSD too? I couldn't find
>anything in the man pages or in the FAQ regarding this issue.
>



Re: Block network access completely for certain programs

2023-07-04 Thread Zack Newman

On 7/4/23 13:08, rat1 wrote:


How do I block the network access completely for a certain program with a
blacklist or whitelist, whitelist preferred, with OpenBSD's pf(4)? My pdf
reader, music player, video player, vim and much more shouldn't have access
to networking at all. I remember it being possible with the Windows
firewall program to choose a certain program to be completely
networking-less. Is this possible with OpenBSD too? I couldn't find
anything in the man pages or in the FAQ regarding this issue.


pf(4) is primarily an IP-based filter. You are looking for a filter
that applies at the application level which will likely require a
program from ports. You might be able to achieve what you want with
pf by having multiple rdomain(4)s, use pf to block traffic based on
rdomain, and execute programs by routing them to use the corresponding
rtable(4); but that is almost certainly not what you want.
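
The two approaches raised in this thread (the pf.conf(5) `user` option and a separate rdomain(4)), written out as an added example that is not from any of the posters. The account name `_nonet`, the login name `alice`, the use of rdomain 1 and `mupdf` as the program are assumptions chosen for illustration.

```conf
# /etc/pf.conf fragment (added example; _nonet, alice and rdomain 1 are
# assumed names, not taken from the thread)
#
# Place these rules before any "pass ... quick" rule; with "quick" the first
# matching rule wins. Interfaces listed in "set skip on" (commonly lo) are
# not filtered at all, so loopback traffic is unaffected if lo is skipped.

# --- Approach 1: pf.conf(5) "user" option --------------------------------
# pf can only associate TCP and UDP packets with a socket owner, so the
# rules are limited to those protocols. They match the user, not the
# binary: every program started as _nonet is cut off, while the same
# program started as the normal login user is not.
#
# One-time setup, as root:
#   useradd -m _nonet
# /etc/doas.conf:
#   permit nopass alice as _nonet
# Start a program without TCP/UDP access:
#   doas -u _nonet mupdf /path/to/file.pdf
# _nonet needs read access to the file and, for X11 programs, access to
# the display.

block return out log quick proto { tcp, udp } all user _nonet
block return in  log quick proto { tcp, udp } all user _nonet

# --- Approach 2: separate routing domain ----------------------------------
# Put a loopback interface into rdomain 1, which has no route to the
# outside, and start the program with that routing table:
#   ifconfig lo1 rdomain 1
#   route -T 1 exec mupdf /path/to/file.pdf
# The pf rule below additionally drops anything seen in that rdomain.

block return log quick on rdomain 1
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; blocked attempts then show up on pflog0.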



Block network access completely for certain programs

2023-07-04 Thread rat1
How do I block the network access completely for a certain program with a
blacklist or whitelist, whitelist preferred, with OpenBSD's pf(4)? My pdf
reader, music player, video player, vim and much more shouldn't have access
to networking at all. I remember it being possible with the Windows
firewall program to choose a certain program to be completely
networking-less. Is this possible with OpenBSD too? I couldn't find
anything in the man pages or in the FAQ regarding this issue.