* Re: how to filter applications with iptables
2003-06-26 8:03 how to filter applications with iptables Liber Chrétien
@ 2003-06-26 7:19 ` Cedric Blancher
2003-06-26 7:21 ` Ray Leach
2003-06-26 7:25 ` Joel Newkirk
2 siblings, 0 replies; 4+ messages in thread
From: Cedric Blancher @ 2003-06-26 7:19 UTC (permalink / raw)
To: Liber Chrétien; +Cc: netfilter@lists.netfilter.org
On Thu 26/06/2003 at 10:03, Liber Chrétien wrote:
> I've a LAN at home with mdk as server and win and mdk on the clients
> My question is: is there a way to block certain applications, such as specific
> software (office suite for example), from accessing the internet with iptables?
> How can I identify the packets emitted from such applications and block them?
If you've planned to do this remotely, I mean on a dedicated firewall,
such as your network gateway, you can't, as Netfilter is a packet
filter. Thus, you can say "allow TCP/80 as destination", but cannot force
HTTP usage through this port. To filter application protocols, you'll
have to use an application proxy (e.g. HTTP proxy). Even then,
distinguishing IE on Win, Word on Win or Mozilla on Win or Linux will be
difficult if they all use HTTP. You can only rely on related HTTP fields
that can be changed/forged.
If you've planned to do this locally, I mean using Netfilter on the
GNU/Linux clients, then you can use the owner match, which provides a
command-line match (-m owner --cmd-owner $CMD). Although it is not as
strict as expected (you can use a well-named symlink to gain access
through an authorized command), it allows some kind of valuable
"personal firewall-like" filtering.
For Win clients, use a personal firewall, such as Kerio or Outpost. But
this part is off-topic ;)
--
Cédric Blancher <blancher@cartel-securite.fr>
IT systems and networks security - Cartel Sécurité
Phone : +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99
PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
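An added example of the local owner-match approach described above; it is not code from the thread or from the netfilter project. Because a command-name match can be sidestepped by a well-named symlink, this script generalises the idea and keys on group ownership instead: the application is launched under a dedicated group and every outbound packet owned by that group is logged and rejected. The group name noinet, the chain name APP_BLOCK and the log prefix are assumptions; loading the rules needs root.

```shell
#!/bin/sh
# Added example, not from the thread: per-application egress filtering on a
# GNU/Linux client with the iptables owner match.  A command-name match can be
# bypassed by a renamed symlink, so the application is instead launched under
# a dedicated group and outbound packets owned by that group are logged, then
# rejected.  Group name, chain name and log prefix are assumptions.
set -eu

BLOCKED_GROUP="${BLOCKED_GROUP:-noinet}"   # assumed group, created with: groupadd noinet
LOG_PREFIX="noinet-egress: "               # shows up in the kernel log for detection

# Print the iptables commands for the group given as "$1", in load order.
# Only the OUTPUT chain is used: the owner match only works on locally
# generated packets, so this cannot run on a gateway.
egress_rules() {
    grp="$1"
    printf '%s\n' \
      "iptables -N APP_BLOCK" \
      "iptables -A APP_BLOCK -m limit --limit 6/minute -j LOG --log-prefix \"$LOG_PREFIX\"" \
      "iptables -A APP_BLOCK -j REJECT --reject-with icmp-admin-prohibited" \
      "iptables -A OUTPUT -o lo -j ACCEPT" \
      "iptables -A OUTPUT -m owner --gid-owner $grp -j APP_BLOCK"
}

# Sanity check used after loading: how many rules tie the group to APP_BLOCK.
count_owner_rules() {
    egress_rules "$1" | grep -c -- "--gid-owner $1 "
}

# Load the rules for real (requires root).  The application is then started
# with its sockets owned by the group, e.g.:  sg "$BLOCKED_GROUP" -c soffice
apply_rules() {
    egress_rules "$BLOCKED_GROUP" | while IFS= read -r cmd; do
        eval "$cmd"
    done
}

if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

sg only switches to a group the invoking user belongs to (or whose group password is known), so add the user to noinet before launching the application this way.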
* Re: how to filter applications with iptables
From: Ray Leach @ 2003-06-26 7:21 UTC (permalink / raw)
To: Netfilter Mailing List
There are various ways to 'block' packets from unwanted apps. Some use
netfilter, some don't.
You can block mime types using a squid proxy.
You can block arbitrary strings in packets using the string match
support in the P-O-M for netfilter, e.g. -m string --string 'KAZAA'
Most applications use specific ports and protocols, so you could find a
combination of those and block the app that way, e.g. MSN Messenger uses
TCP port 1863.
Some apps need to contact a central server, so blocking that server will
effectively disable the app, e.g. Yahoo Messenger.
Regards
Ray
On Thu, 2003-06-26 at 10:03, Liber Chrétien wrote:
> Hello,
> I've been looking for some information but couldn't find any, so here it goes, I'm asking
> the list: (excuse my technical English if I'm not clear enough)
>
> I've a LAN at home with mdk as server and win and mdk on the clients
>
> My question is: is there a way to block certain applications, such as specific
> software (office suite for example), from accessing the internet with iptables?
> How can I identify the packets emitted from such applications and block them?
>
> Thanks
>
> Bruno
>
--
Raymond Leach <raymondl@knowledgefactory.co.za>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28
* Re: how to filter applications with iptables
From: Joel Newkirk @ 2003-06-26 7:25 UTC (permalink / raw)
To: Liber Chrétien; +Cc: netfilter@lists.netfilter.org
On Thu, 2003-06-26 at 04:03, Liber Chrétien wrote:
> Hello,
> I've been looking for some information but couldn't find any, so here it goes, I'm asking
> the list: (excuse my technical English if I'm not clear enough)
>
> I've a LAN at home with mdk as server and win and mdk on the clients
>
> My question is: is there a way to block certain applications, such as specific
> software (office suite for example), from accessing the internet with iptables?
> How can I identify the packets emitted from such applications and block them?
>
> Thanks
>
> Bruno
The only way to accomplish this is blocking by IP and ports. If there
is a certain type of connection you want to block you can perhaps
accomplish it by port.
If you want to run an iptables firewall and explicitly filter out
traffic from a certain Windows application that communicates on
'standard' ports that you otherwise want open, you're out of luck. That
would be better handled on the Win box itself with something like
ZoneAlarm that lets you grant/deny connection privileges per
application.
j