
#1 2015-06-26 21:30:14

kox
Member
Registered: 2015-05-01
Posts: 146

Block traffic and allow exceptions

Hello. I want to secure my system as much as possible (while keeping it usable). I want to go with the principle of least privilege. I guess I would start with the Internet. I only need an Internet connection for a handful of apps, like Chromium, Pidgin, Transmission and there's no need for anything else to have this privilege. I only found on Google a way to block an app from using the Internet, by setting an iptables rule for a new group like no-internet and then running the program like sg no-internet app_name. I guess I could do it backwards and make only a certain group privileged to use the Internet.
But isn't there something nicer? Like allowing internet connection based on process location or something else unique to an app?

Last edited by kox (2015-06-26 21:31:06)


#2 2015-06-26 21:43:28

Malkymder
Member
Registered: 2015-05-13
Posts: 258

Re: Block traffic and allow exceptions

You could have a look at http://douaneapp.com/


#3 2015-06-27 00:04:49

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 20,350

Re: Block traffic and allow exceptions

kox wrote:

...I only need an Internet connection for a handful of apps, like Chromium, Pidgin, Transmission and there's no need for anything else to have this privilege.

...pacman, curl, git, mercurial, wget, ssh, dhcpcd, whois....


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way


#4 2015-06-27 08:28:38

kox
Member
Registered: 2015-05-01
Posts: 146

Re: Block traffic and allow exceptions

Thanks, I guess I will try with user groups first. What about selinux, can it do something like that?

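The inverted, group-based approach discussed in this thread (deny outbound traffic by default, allow one group), written out as an added example that was not posted by anyone in the thread. The group name `internet` and the service account `dhcpcd` are assumptions; the function only prints an iptables-restore ruleset and applies nothing.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: group "internet",
# service account "dhcpcd". Review the output before loading it as root with
# iptables-restore, which replaces the whole filter table; IPv6 needs its own
# ip6tables ruleset or it stays unfiltered.

# Accept only plain account names so an argument cannot smuggle extra rule text.
valid_name() {
    case $1 in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# $1 = group whose processes may open outbound connections
# $2.. = service accounts (daemons) that also need the network
egress_ruleset() {
    group=$1
    valid_name "$group" || { echo "bad group name: $group" >&2; return 1; }
    shift
    for u in "$@"; do
        valid_name "$u" || { echo "bad account name: $u" >&2; return 1; }
    done

    printf '%s\n' \
        '*filter' \
        ':INPUT ACCEPT [0:0]' \
        ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT DROP [0:0]' \
        '-A OUTPUT -o lo -j ACCEPT' \
        '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A OUTPUT -m owner --gid-owner $group -j ACCEPT"
    # Per-daemon exceptions: the tools ewaller lists are run through sg like
    # any other program; only unattended services need a rule of their own.
    for u in "$@"; do
        printf '%s\n' "-A OUTPUT -m owner --uid-owner $u -j ACCEPT"
    done
    # Log the UID of whatever was refused, then fail fast instead of timing out.
    printf '%s\n' \
        '-A OUTPUT -j LOG --log-prefix "egress-denied: " --log-uid' \
        '-A OUTPUT -j REJECT --reject-with icmp-admin-prohibited' \
        'COMMIT'
}

# Print the ruleset for review. Once loaded: sg internet -c chromium
egress_ruleset internet dhcpcd
```

The owner match checks the group the process is running as, which is why programs are started through `sg`. The `egress-denied:` log lines show which accounts still need an exception.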
