[clug] Are outgoing firewalls of any use?
jm
jeffm at ghostgun.com
Thu Jul 2 23:29:47 GMT 2009
Francis Markham wrote:
> Are there any other options for application level blocking rather than port
> level blocking? SELinux has the reputation of being rather fussy and
> breaking things. Ideally, something that can be interactively "trained" ala
> Windows desktop firewalls.
>
>
You could try to bend a layer 7 (really an application protocol) based
firewall such as http://l7-filter.sourceforge.net/ to your will.
While it can't be trained, it does recognise a number of protocols. It
may be useful in making sure that you are speaking the correct protocol
on the correct port, which is half the battle in stopping these things. You
would need to combine this with other iptables rules of course.

Can you give an example of what type of interfaces you have in mind? Would
this be configured at the system level only or would the user be allowed
to tweak it?
Hope this helps,
Jeff.