I did do a search before I posted this question, so I hope it's not a repeat.
What I'd like to do is deny all network access by default and specifically allow a few select programs (such as say pacman and firefox and ntpd). Is there a way to do this in Arch Linux?
Thank you for any assistance you can give me!
So glad I switched to Arch!
Could you elaborate on the goal of restricting network access to select programs? Keep in mind that Firefox is not limited to web browsing (extensions for IRC, FTP, IM clients, etc.).
If the goal is to restrict access to destination ports, the easiest solution would be to set up iptables and specify rules to this effect.
Last edited by chpln (2010-04-25 01:29:11)
Are you talking incoming or outgoing?
For incoming you can use /etc/hosts.deny and /etc/hosts.allow.
no place like /home
github
Outgoing. I remembered hosts.deny and hosts.allow from the installation guide. That was a gigantic PITA and simultaneously the best learning experience I could've had, so in retrospect I'm glad the setup is that hands-on. But I digress. My goal is to achieve functionality on Linux similar to the way some Windows firewalls work with regard to program access. I don't expect any popups and I'm hopeful that I don't get any, but I'd like the end result to be the same. The goal is to make sure nothing on my system is accessing the internet that isn't supposed to be accessing the internet. It is extremely possible that I'm bringing my Windows paranoia into Linux and it's totally unnecessary.
As chpln says, if you use iptables and only open the ports you want, then that will achieve what you are after.
All men have stood for freedom...
For freedom is the man that will turn the world upside down.
Gerrard Winstanley.
FYI, /etc/hosts.* settings are only used by applications that use libwrap; in pacman terms, that means packages that depend on tcp_wrappers. pacman, firefox, and ntp do not.
Okay I'll read up on how to use iptables then. Thanks for the help!
To respond to the specific topic question, I'm afraid you can't; someone correct me if I'm wrong.
But iptables is capable of blocking users instead, so if you launch a program via a specified user, you can block or allow it.
Help me to improve ssh-rdp !
Retroarch User? Try my koko-aio shader !
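As an added illustration of the per-user approach described in the last post (and of the default-deny iptables setup suggested earlier), this is not code from the thread or from any of its posters. The script below generates an iptables OUTPUT ruleset with a DROP default policy and one ACCEPT rule per permitted user, using the `owner` match (`-m owner --uid-owner`) on the socket's owning uid. The user names passed in are assumptions: on a real system you would create a dedicated account per program (for example run firefox under its own user) and pass those names. The rules are printed rather than applied, so they can be reviewed before being piped into `sh` as root.

```shell
#!/bin/sh
# Added example, not from the original thread. Generates (does not apply)
# an iptables ruleset that denies all outgoing traffic by default and
# permits it only for sockets owned by the listed users. Apply with:
#   gen_owner_rules ntp browser | sudo sh
# The user names here are assumptions; use whatever accounts you created.

# Usage: gen_owner_rules user1 [user2 ...]
gen_owner_rules() {
    # Start from a clean OUTPUT chain with a default policy of DROP.
    echo "iptables -F OUTPUT"
    echo "iptables -P OUTPUT DROP"
    # Loopback and replies on already-established connections are always
    # allowed; without the conntrack rule, inbound services could not answer.
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # One ACCEPT rule per permitted user, matched on the owning uid of the
    # socket that generated the packet (only works in the OUTPUT chain).
    for u in "$@"; do
        echo "iptables -A OUTPUT -m owner --uid-owner $u -j ACCEPT"
    done
    # Rate-limited logging of everything else, so unexpected callers show up
    # in the kernel log instead of failing silently.
    echo "iptables -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix \"OUTPUT drop: \""
}

# Helper for checks: how many per-user ACCEPT rules a ruleset contains.
count_owner_rules() {
    gen_owner_rules "$@" | grep -c -- '--uid-owner'
}
```

Note the limitation the last post hints at: the match is by uid, not by program, so anything else running as that user is allowed too, and programs that must run as root (pacman) can only be covered by a rule for root, which admits every root process. The LOG rule is the practical payoff: dropped packets with their uid appear in `dmesg`, which answers the original question of whether something unexpected is trying to reach the network.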