
#1 2006-01-21 19:00:30

eric
Member
From: under heaven
Registered: 2004-02-11
Posts: 117

Is there a firewall that can block an application?

I'm looking for a firewall that can block applications.

The firewalls for linux that I've found using google and also the one I'm using now can not block an application. There used to be an option for iptables (-m owner --cmd-owner programname), but since kernel 2.6.14 they've removed this option for iptables.


#2 2006-01-21 19:03:37

jerem
Member
From: France
Registered: 2005-01-15
Posts: 310

Re: Is there a firewall that can block an application?

But can't you just block the corresponding port?

e.g. if you want to block ftp, you block outgoing port 21 packets...


#3 2006-01-22 01:07:03

tom.deb
Member
From: manchester/UK
Registered: 2005-06-20
Posts: 42

Re: Is there a firewall that can block an application?

there are Layer 7 facilities within NETFILTER:

http://l7-filter.sourceforge.net/L7-HOWTO-Netfilter

but good luck !!!!

t o m d e b
_______________________________________
"the urge to destroy is a creative urge."
Mikhail Bakunin.


#4 2006-01-22 01:36:36

smoon
Member
Registered: 2005-08-22
Posts: 468

Re: Is there a firewall that can block an application?

You could try fieryfilter or Firestarter. The latter is available in extra.


#5 2006-01-22 02:38:15

brain0
Developer
From: Aachen - Germany
Registered: 2005-01-03
Posts: 1,382

Re: Is there a firewall that can block an application?

eric wrote:

The firewalls for linux that I've found using google and also the one I'm using now can not block an application. There used to be an option for iptables (-m owner --cmd-owner programname), but since kernel 2.6.14 they've removed this option for iptables.

As far as I can see, the owner match is still there. It is at least available as a kernel option.


#6 2006-01-22 08:01:07

iphitus
Forum Fellow
From: Melbourne, Australia
Registered: 2004-10-09
Posts: 4,927

Re: Is there a firewall that can block an application?

Layer7 patches are included in ArchCK which has been mentioned above.

http://l7-filter.sourceforge.net/L7-HOWTO-Netfilter

afaik you need to patch iptables with it, but that shouldn't be difficult. This is the closest thing you will find to what you want.


#7 2006-01-22 14:58:43

eric
Member
From: under heaven
Registered: 2004-02-11
Posts: 117

Re: Is there a firewall that can block an application?

Thanks for all the tips, I'll investigate them.

To jerem:
Yes, I can block the ports that a program uses. But mldonkey (a multi-network p2p app) uses a lot of ports, so I want to open these ports just for this app only and not for other apps.

To brain0:
Yes, the kernel option is still there. But when I use the owner module in iptables, it fails with "Invalid Option" in the shell and "ipt_owner: pid, sid and command matching not supported anymore" in kernel.log. I always use the latest archck kernel, but others on google have also complained about this.

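A concrete form of what eric is after, as an added example rather than anything posted in the thread: run mldonkey under its own system user and match its traffic with `-m owner --uid-owner`, which the 2.6.14 change left in place while pid, sid and command matching went away. The user name `mldonkey`, and the convention that the script dry-runs with no argument and applies rules with `apply`, are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): per-application egress filtering
# without --cmd-owner. Assumes mldonkey runs as the system user "mldonkey"
# (assumption) and that iptables is built with the owner match.
# Usage: sh p2p-egress.sh        -> print the rules (dry run)
#        sh p2p-egress.sh apply  -> load them (needs root)

P2P_USER="${P2P_USER:-mldonkey}"

# $1 = command to run ("iptables" or "echo" for a dry run), $2 = user name.
build_output_rules() {
    ipt="$1"
    user="$2"

    # Start from a clean OUTPUT chain with a default-deny policy, so only
    # traffic matched below may leave the host.
    "$ipt" -F OUTPUT
    "$ipt" -P OUTPUT DROP

    # Loopback and replies on connections the firewall has already accepted
    # (the "established, related" handling Kern mentions later in the thread).
    "$ipt" -A OUTPUT -o lo -j ACCEPT
    "$ipt" -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Name resolution for every local process.
    "$ipt" -A OUTPUT -p udp --dport 53 -j ACCEPT

    # Only processes owned by $user may open new connections on arbitrary
    # ports. This is the replacement for the removed --cmd-owner rule: the
    # many ports mldonkey needs are opened for that one user, not for everyone.
    "$ipt" -A OUTPUT -m owner --uid-owner "$user" -j ACCEPT

    # Anything else is rate-limited to the log and then dropped by the policy,
    # which makes other applications' blocked egress attempts visible.
    "$ipt" -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUTPUT-DROP: "
}

case "${1:-}" in
    apply) build_output_rules iptables "$P2P_USER" ;;
    *)     build_output_rules echo "$P2P_USER" ;;
esac
```

Check the dry-run output once before applying, and remember that `--uid-owner` only matches locally generated packets, so the rules belong in OUTPUT, not FORWARD.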

#8 2006-01-22 22:20:57

Kern
Member
From: UK
Registered: 2005-02-09
Posts: 464

Re: Is there a firewall that can block an application?

eric, when you say you want to block applications, do you mean you want to block some of your applications getting out, or illicit use of ports for someone to get in?

If it's the latter, it may be that the firewall rules regarding "accepted, related, established" cover this, as when you make rules, whichever firewall application you use, you can drop any incoming connections that aren't following the state matches in your ruleset.

If you are concerned about ports being open to accept certain programs' data, go to www.grc.com and use Shields Up to check. It's a long while since I used any of this as I have a hardware firewall/router now, so apologies for lack of detail.
iptables/netfilter help here
