I'm looking for a firewall that can block applications.
The firewalls for Linux that I've found using Google, and also the one I'm using now, cannot block an application. There used to be an option for iptables (-m owner --cmd-owner programname), but since kernel 2.6.14 they've removed this option from iptables.
But can't you just block the corresponding port ?
e.g. if you want to block ftp, you block outgoing port 21 packets...
There are Layer 7 facilities within NETFILTER:
http://l7-filter.sourceforge.net/L7-HOWTO-Netfilter
but good luck !!!!
t o m d e b
_______________________________________
"the urge to destroy is a creative urge."
Mikhail Bakunin.
You could try fieryfilter or Firestarter. The latter is available in extra.
The firewalls for Linux that I've found using Google, and also the one I'm using now, cannot block an application. There used to be an option for iptables (-m owner --cmd-owner programname), but since kernel 2.6.14 they've removed this option from iptables.
As far as I can see, the owner match is still there. It is at least available as a kernel option.
Layer7 patches are included in ArchCK which has been mentioned above.
http://l7-filter.sourceforge.net/L7-HOWTO-Netfilter
AFAIK you need to patch iptables with it, but that shouldn't be difficult. This is the closest thing you will find to what you want.
Thanks for all the tips, I'll investigate them.
To jerem:
Yes, I can block the ports that a program uses. But mldonkey (a multi-network p2p app) uses a lot of ports, so I want to open these ports just for this app only and not for other apps.
To brain0:
Yes, the kernel option is still there. But when I use the owner module in iptables, it fails with "Invalid Option" in the shell and "ipt_owner: pid, sid and command matching not supported anymore" in kernel.log. I always use the latest archck kernel, but others on Google have also complained about this.
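Since the thread establishes that the owner match still exists but its pid/sid/command forms are gone, the practical replacement is to run the application under its own account and match on --uid-owner instead. The script below is an added example, not code from the thread or from any poster; the account name "mldonkey" and the port numbers are assumptions, and the owner match only applies to locally generated packets, so it belongs in the OUTPUT chain.

```shell
#!/bin/sh
# Added example: per-user egress policy with the still-supported --uid-owner
# match, standing in for the removed --cmd-owner match. The account name and
# the port list are constructed assumptions, not mldonkey defaults.
APP_USER="mldonkey"         # assumed dedicated account the p2p client runs as
APP_TCP_PORTS="4662 4080"   # constructed sample TCP ports
APP_UDP_PORTS="4666"        # constructed sample UDP port

# Print the iptables commands: only APP_USER may send to the listed ports,
# every other local user is refused on them, and APP_USER may send on
# nothing else. Printing (instead of executing) lets the rules be reviewed.
owner_rules() {
    user="$1"; tcp="$2"; udp="$3"
    for p in $tcp; do
        echo "iptables -A OUTPUT -p tcp --dport $p -m owner --uid-owner $user -j ACCEPT"
        echo "iptables -A OUTPUT -p tcp --dport $p -j REJECT"
    done
    for p in $udp; do
        echo "iptables -A OUTPUT -p udp --dport $p -m owner --uid-owner $user -j ACCEPT"
        echo "iptables -A OUTPUT -p udp --dport $p -j REJECT"
    done
    # Anything else originating from the application's user is refused;
    # other users keep the chain's default policy.
    echo "iptables -A OUTPUT -m owner --uid-owner $user -j REJECT"
}

# Number of rules that would be installed; a quick sanity check before applying.
rule_count() { owner_rules "$@" | wc -l | tr -d ' '; }

# Apply only when explicitly asked and running as root; otherwise just print.
if [ "${1:-}" = "apply" ] && [ "$(id -u)" = "0" ]; then
    owner_rules "$APP_USER" "$APP_TCP_PORTS" "$APP_UDP_PORTS" | sh -e
else
    owner_rules "$APP_USER" "$APP_TCP_PORTS" "$APP_UDP_PORTS"
fi
```

Inbound traffic has no owning socket at filter time, so listening ports still have to be opened by port number in INPUT; the uid match only constrains which local user can originate traffic.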
eric, when you say you want to block applications, do you mean you want to block some of your applications getting out, or illicit use of ports for someone to get in?
If it's the latter, it may be that the firewall rules regarding "accepted, related, established" cover this, as when you make rules, whichever firewall application you use, you can drop any incoming connections that aren't following the state matches in your ruleset.
If you are concerned about ports being open to accept certain programs' data, go to www.grc.com and use Shields Up to check. It's a long while since I used any of this as I have a hardware firewall/router now, so apologies for lack of detail.
iptables/netfilter help here