[clug] Are outgoing firewalls of any use?

Francis Markham fmarkham at gmail.com
Thu Jul 2 06:55:38 GMT 2009


Are there any other options for application level blocking rather than port
level blocking?  SELinux has the reputation of being rather fussy and
breaking things.  Ideally, something that can be interactively "trained" à la
Windows desktop firewalls.

-Francis

2009/7/1 Paul Wayper <paulway at mabula.net>

> On 01/07/09 11:48, Francis Markham wrote:
>
>> 2009/7/1 Robert Edwards <bob at cs.anu.edu.au>
>>
>>> Clever malware can/will tunnel through whatever ports are open.
>>> Most likely, that will include tcp port 80 (http), otherwise the web
>>> disappears. If tcp port 80 is allowed out, then vaguely sophisticated
>>> malware can get out in any case.
>>
>> What about blocking specific applications rather than specific ports?
>> Is that viable?
>>
>
> With SELinux you can do this.  You can limit a program's access to ports
> through SELinux, both incoming and outgoing as I understand it.  So you can
> say "IRC can only come from xchat", as well as denying other programs the
> ability to bind to port 6667 (to listen as a bot).
>
> Have fun,
>
> Paul

