[clug] Are outgoing firewalls of any use?
Paul Wayper
paulway at mabula.net
Wed Jul 1 09:20:44 GMT 2009
On 01/07/09 11:48, Francis Markham wrote:
> 2009/7/1 Robert Edwards<bob at cs.anu.edu.au>
>
>> Clever malware can/will tunnel through whatever ports are open.
>> Most likely, that will include tcp port 80 (http), otherwise the web
>> disappears. If tcp port 80 is allowed out, then vaguely sophisticated
>> malware can get out in any case.
>>
>>
> What about blocking specific applications rather than specific ports? Is
> that viable?
With SELinux you can do this. You can limit a programs access to ports
through SELinux, both incoming and outgoing as I understand it. So you can
say "IRC can only come from xchat", as well as denying other programs the
ability to bind to port 6667 (to listen as a bot).
Have fun,
Paul
More information about the linux
mailing list