From: vwf <vwf@vulkor.net>
To: Netfilter IPtableMailinglist <netfilter@lists.netfilter.org>
Subject: Re: how to filter on applications?
Date: Fri, 27 Oct 2006 13:04:42 +0200
Message-ID: <20061027110442.GA6607@trane.vulkor.net>
In-Reply-To: <de47c0230610270337p7b3e59f4g2706d54c16137276@mail.gmail.com>

On Fri, Oct 27, 2006 at 12:37:00PM +0200, Gabor Szokoli wrote:
> On 10/27/06, Gáspár Lajos <swifty@freemail.hu> wrote:
> >BUT if I did not understand you correctly then please send me an exact
> >question...
>
> I might be able to mediate before this escalates...
> I think vwf assumes the firewall is on the same host as the
> applications, no forwarding takes place.
> In this case it is not an unreasonable expectation to be able to write
> iptables rules matching the name of the executable whose process
> instance owns the socket: so-called "personal firewall" applications
> on some other operating system do this all the time.
>
> Google-lee-goo:
> http://www.netfilter.org/projects/patch-o-matic/pom-submitted.html#pom-submitted-ownercmd

Thank you. Your assumptions are right. I filter on application on the
workstation, and on port/destination on the router.
Iptables lost --cmd-owner, so new kernels were pretty useless to me,
but they seem to be reintroduced for ip6tables. Is there a "howto" to
rewrite an iptables firewall-ruleset to ip6tables (or a good
introduction for ip6tables)?