* how to filter on applications?
From: vwf @ 2006-10-26 18:53 UTC
To: netfilter

Hello,

I want to filter outgoing traffic based on the originating application. How do I do this? Please tell me iptables can do this. If not, how can I lock down my system?

Thanks.
* Re: how to filter on applications?
From: Mike @ 2006-10-26 19:25 UTC
To: vwf; +Cc: netfilter

vwf wrote:
> I want to filter outgoing traffic based on the originating application.
> How do I do this? Please tell me iptables can do this. If not, how can I
> lock down my system?

http://l7-filter.sourceforge.net/
* Re: how to filter on applications?
From: vwf @ 2006-10-27 8:22 UTC
To: netfilter; +Cc: Mike

On Thu, Oct 26, 2006 at 03:25:22PM -0400, Mike wrote:
> vwf wrote:
> > I want to filter outgoing traffic based on the originating application.
> > How do I do this? Please tell me iptables can do this. If not, how can I
> > lock down my system?
>
> http://l7-filter.sourceforge.net/

This filters on protocol, not on application.
* Re: how to filter on applications?
From: Gáspár Lajos @ 2006-10-27 8:27 UTC
To: vwf; +Cc: Mike, netfilter

vwf wrote:
> On Thu, Oct 26, 2006 at 03:25:22PM -0400, Mike wrote:
>> vwf wrote:
>>> I want to filter outgoing traffic based on the originating application.
>>> How do I do this? Please tell me iptables can do this. If not, how can I
>>> lock down my system?
>>
>> http://l7-filter.sourceforge.net/
>
> This filters on protocol, not on application.

Yes! Because APPLICATIONS use PROTOCOLS to communicate with....

What do you not understand?

Swifty
* Re: how to filter on applications?
From: Gáspár Lajos @ 2006-10-27 8:53 UTC
To: vwf; +Cc: Netfilter IPtableMailinglist

vwf wrote:
> On Fri, Oct 27, 2006 at 10:27:00AM +0200, Gáspár Lajos wrote:
>> vwf wrote:
>>> This filters on protocol, not on application.
>>
>> Yes! Because APPLICATIONS use PROTOCOLS to communicate with....
>>
>> What do you not understand?
>
> My question was how to filter on application. Filtering on protocol does
> not suffice.

Okay... You want to filter on APPLICATION...

Let me assume that you have a firewall and some clients. You want to block some traffic originating from your clients depending on the application.

If an application talks to another party then it uses a "language" that both understand. This is the PROTOCOL.

In netfilter/iptables you can analyse the packets: where they are coming from and where they are going... If you want to know the content of this pipe then you have to use some layer 7 filtering mechanism...

http://en.wikipedia.org/wiki/OSI_model

BUT if I did not understand you correctly then please send me an exact question...

Thanx
Swifty
* Re: how to filter on applications?
From: Gabor Szokoli @ 2006-10-27 10:37 UTC
To: Netfilter IPtableMailinglist

On 10/27/06, Gáspár Lajos <swifty@freemail.hu> wrote:
> BUT if I did not understand you correctly then please send me an exact
> question...

I might be able to mediate before this escalates...

I think vwf assumes the firewall is on the same host as the applications; no forwarding takes place. In this case it is not an unreasonable expectation to be able to write iptables rules matching the name of the executable whose process instance owns the socket: so-called "personal firewall" applications on some other operating system do this all the time.

Google-lee-goo:
http://www.netfilter.org/projects/patch-o-matic/pom-submitted.html#pom-submitted-ownercmd

Szocske
* Re: how to filter on applications?
From: vwf @ 2006-10-27 11:04 UTC
To: Netfilter IPtableMailinglist

On Fri, Oct 27, 2006 at 12:37:00PM +0200, Gabor Szokoli wrote:
> I might be able to mediate before this escalates...
>
> I think vwf assumes the firewall is on the same host as the
> applications; no forwarding takes place.
> In this case it is not an unreasonable expectation to be able to write
> iptables rules matching the name of the executable whose process
> instance owns the socket: so-called "personal firewall" applications
> on some other operating system do this all the time.
>
> Google-lee-goo:
> http://www.netfilter.org/projects/patch-o-matic/pom-submitted.html#pom-submitted-ownercmd

Thank you. Your assumptions are right. I filter on application on the workstation, and on port/destination on the router.

Iptables lost --cmd-owner, so new kernels were pretty useless to me, but it seems to have been reintroduced for ip6tables. Is there a "howto" for rewriting an iptables firewall ruleset for ip6tables (or a good introduction to ip6tables)?
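What Gabor and vwf are discussing, shown with an added example that is not part of the thread. The `--cmd-owner`, `--pid-owner` and `--sid-owner` options of the owner match came from patch-o-matic and were removed from the kernel in 2.6.14 as unreliable (they raced with process exit, especially on SMP); they were not brought back for ip6tables either. What survives in the owner match is `--uid-owner` and `--gid-owner`, so the practical substitute for "filter by executable" on a single host is to run each application under its own uid and key the OUTPUT rules on that uid. The script below builds such a per-application ruleset as text so it can be reviewed before being applied, plus helpers to apply it and to start the program under the dedicated uid. The user name `fooapp`, the destination 192.0.2.10 and the port 443 are constructed sample values, and `iptables` itself is only invoked by `apply_rules`, which the review run never calls.

```shell
#!/bin/sh
# Added example (not from the thread): per-application egress policy with the
# surviving owner match. The application is started under a dedicated uid and
# OUTPUT rules key on that uid, standing in for the removed --cmd-owner.
# fooapp / 192.0.2.10 / tcp / 443 below are constructed sample values.

# Emit the iptables commands for one application, one per line, without
# running them, so the ruleset can be inspected first.
#   $1 dedicated user name or uid   $2 allowed destination (host or CIDR)
#   $3 protocol (tcp or udp)        $4 allowed destination port
app_rules() {
    user=$1 dst=$2 proto=$3 port=$4
    o="-m owner --uid-owner $user"
    # loopback, and replies on connections that were already accepted
    printf 'iptables -A OUTPUT %s -o lo -j ACCEPT\n' "$o"
    printf 'iptables -A OUTPUT %s -m state --state ESTABLISHED,RELATED -j ACCEPT\n' "$o"
    # the one destination this application may open new connections to
    printf 'iptables -A OUTPUT %s -p %s -d %s --dport %s -m state --state NEW -j ACCEPT\n' \
        "$o" "$proto" "$dst" "$port"
    # everything else this uid sends is logged (rate limited) and rejected
    printf 'iptables -A OUTPUT %s -m limit --limit 5/min -j LOG --log-prefix "%s-drop: "\n' \
        "$o" "$user"
    printf 'iptables -A OUTPUT %s -j REJECT --reject-with icmp-port-unreachable\n' "$o"
}

# Load the generated rules into the running kernel. Refuses to run unprivileged
# rather than failing halfway through the list.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_rules: must run as root" >&2; return 1; }
    app_rules "$@" | sh -e
}

# Start a program under the dedicated uid so that the rules above apply to
# every socket it opens.  $1 user, remaining arguments: the command line.
run_as_app() {
    user=$1; shift
    exec su -s /bin/sh -c "$*" "$user"
}

# Review mode: print the ruleset for the constructed example.
app_rules fooapp 192.0.2.10 tcp 443
```

Two properties of this substitute are worth keeping in mind. The owner match only sees locally generated packets, so it works in OUTPUT (and POSTROUTING) on the workstation and never in FORWARD on the router, which is exactly the split vwf describes. And the policy is per uid, not per binary: every process running as `fooapp` gets the same rules, so the uid must belong to one application only, and a process that can change its uid (root, or anything holding CAP_SETUID) can step out of the policy. In exchange the match cannot be fooled by renaming or copying an executable, which `--cmd-owner` could be.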
* RE: how to filter on applications?
From: Pablo Sanchez @ 2006-10-27 12:54 UTC
To: 'Netfilter IPtableMailinglist'

> From: vwf
> Sent: Friday, October 27, 2006 7:05 AM
> Subject: Re: how to filter on applications?
>
> Thank you. Your assumptions are right. I filter on application on the
> workstation, and on port/destination on the router.

I find this e-mail list generally very courteous. English is a difficult language and it's not the primary language for a lot of people on this list. In my opinion what is important is to strive to understand what the poster is trying to say.

Posters should strive to put as much detail as possible in their post to cut down on the 'discovery cycle.' Make it clear; don't leave anything to be assumed (if you can help it). Provide diagrams if possible (emacs' picture-mode works very well! ;)

Now, back to filtering...

---
Pablo Sanchez - Blueoak Database Engineering, Inc
* Re: how to filter on applications?
From: Gáspár Lajos @ 2006-10-30 9:40 UTC
To: pablo; +Cc: 'Netfilter IPtableMailinglist'

Hi all,

Let me apologize for my posts in this thread. Sorry if I was rude. I did not want to be.

As Pablo Sanchez wrote, English is sometimes very difficult to understand.

This list is mostly read by sysops/sysadmins. (I think.) They/we create iptables rules for a whole network. I simply wanted to help vwf and assumed things. That was bad. In the future I will not send any comment if I do not fully understand the question.

Again, let me apologize.

Swifty