chris.carey at gmail.com
Wed Jan 23 10:12:20 MST 2008
On Jan 23, 2008 9:23 AM, Jason Edwards <jtanium at gmail.com> wrote:
> Sorry, I assumed Chris would be looking for a graphical tool to manage
> his firewall policies. If you can handle it, iptables on the command
> line is absolutely the way to go.
> But for somebody coming from Windows, using Comodo (a GUI), I think
> opening a terminal and typing an iptables command may be a little
> intimidating. If you just want really basic rules, and don't know
> iptables, Firestarter would be a good way to go.
I am very familiar with writing iptables firewalls by hand. This isn't
really what I'm looking for though. I am looking for something
specifically that could limit on a per-application basis, which I feel
is a very powerful security feature.
This is very useful in the situation where a non-root account gets
violated. The intruder would attempt to launch some custom-made ssh
brute force script, or add your machine into an IRC botnet. It would be
great if the network connection attempt was denied and logged to a file.
The root user would review that file and have the ability to allow (or
deny) that application network access.
Most (not all) iptables firewalls are configured with the OUTPUT chain
default to ACCEPT. I guess what I'm getting at is that it would be
nice if you could set that OUTPUT chain to DENY by default, but log
and allow outbound access on a per-application basis. Currently, if I
open outbound port 80, then any software, trusted or malicious, could
use that hole.
It seems SELinux may solve the second part of my question - limiting
what the executables can do on the file system.
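The default-deny OUTPUT chain with logged, per-application allowances that Chris describes, as an added example that is not part of the original thread: iptables cannot match on the executable itself, so this script assumes the convention that each program allowed to use the network runs under its own dedicated group (the group names net-ssh and net-web are assumed) and matches on that group with the owner module.

```shell
#!/bin/sh
# Added example, not from the original mailing-list thread.
# Assumption: every application permitted to reach the network runs under a
# dedicated group (here "net-ssh" and "net-web"), so group membership stands
# in for a per-application permission that iptables can match with "-m owner".
#
# IPT defaults to a dry-run echo so the ruleset can be reviewed first;
# run with IPT=iptables as root to actually install it.
IPT="${IPT:-echo iptables}"

# Log and accept outbound traffic from one application group to one port.
# $1 = group name, $2 = protocol, $3 = destination port
allow_group_port() {
    $IPT -A OUTPUT -m owner --gid-owner "$1" -p "$2" --dport "$3" \
        -j LOG --log-prefix "OUT-ALLOW $1: " --log-level info
    $IPT -A OUTPUT -m owner --gid-owner "$1" -p "$2" --dport "$3" -j ACCEPT
}

# Full OUTPUT policy: flush, default DROP, loopback and replies allowed,
# per-group allowances, then log (rate-limited) and drop everything else.
build_output_policy() {
    $IPT -F OUTPUT
    $IPT -P OUTPUT DROP
    $IPT -A OUTPUT -o lo -j ACCEPT
    # Replies to inbound connections (e.g. sshd) are not owned by a group
    # in the list below, so they must be allowed by connection state.
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    allow_group_port net-ssh tcp 22
    allow_group_port net-web tcp 80
    allow_group_port net-web tcp 443
    # Any other program trying to talk out is recorded for root to review.
    $IPT -A OUTPUT -m limit --limit 5/min \
        -j LOG --log-prefix "OUT-DENY: " --log-level warn
    $IPT -A OUTPUT -j DROP
}

build_output_policy
```

Only the OUTPUT chain is touched; the INPUT and FORWARD chains keep whatever policy the existing firewall set.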