
#1 2010-04-24 23:41:25

falconheart
Member
Registered: 2010-04-24
Posts: 9

Is it possible to deny programs network access?

I did do a search before I posted this question, so I hope it's not a repeat.
What I'd like to do is deny all network access by default and specifically allow a few select programs (such as say pacman and firefox and ntpd). Is there a way to do this in Arch Linux?

Thank you for any assistance you can give me!
So glad I switched to Arch! :)

#2 2010-04-25 01:27:00

chpln
Member
From: Australia
Registered: 2009-09-17
Posts: 361

Re: Is it possible to deny programs network access?

Could you elaborate on the goal of restricting network access to select programs? Keeping in mind, Firefox is not limited to web browsing (extensions for IRC, FTP, IM client, etc.).

If the goal is to restrict access to destination ports, the easiest solution would be to set up iptables and specify rules to this effect.

Last edited by chpln (2010-04-25 01:29:11)


#3 2010-04-25 04:09:05

demian
Member
From: Frankfurt, Germany
Registered: 2009-05-06
Posts: 709

Re: Is it possible to deny programs network access?

Are you talking incoming or outgoing?
For incoming you can use /etc/hosts.deny and /etc/hosts.allow.


no place like /home
github


#4 2010-04-25 09:47:44

falconheart
Member
Registered: 2010-04-24
Posts: 9

Re: Is it possible to deny programs network access?

Outgoing. I remembered hosts.deny and hosts.allow from the installation guide. That was a gigantic PITA and simultaneously the best learning experience I could've had, so in retrospect I'm glad the setup is that hands-on. But I digress. My goal is to achieve functionality on Linux similar to the way some Windows firewalls work with regard to program access. I don't expect any popups and I'm hopeful that I don't get any, but I'd like the end result to be the same. Goal is to make sure nothing on my system is accessing the internet that isn't supposed to be accessing the internet. It is extremely possible that I'm bringing my Windows paranoia into Linux and it's totally unnecessary. :D

#5 2010-04-25 10:02:50

loafer
Member
From: the pub
Registered: 2009-04-14
Posts: 1,772

Re: Is it possible to deny programs network access?

As chpln says, if you use iptables and only open the ports you want, then that will achieve what you are after.


All men have stood for freedom...
For freedom is the man that will turn the world upside down.
Gerrard Winstanley.


#6 2010-04-25 12:50:59

tomk
Forum Fellow
From: Ireland
Registered: 2004-07-21
Posts: 9,839

Re: Is it possible to deny programs network access?

FYI /etc/hosts.* settings are only used by applications that use libwrap - in pacman terms, that means packages that depend on tcp_wrappers. pacman, firefox, and ntp do not.


#7 2010-04-25 13:12:32

falconheart
Member
Registered: 2010-04-24
Posts: 9

Re: Is it possible to deny programs network access?

Okay I'll read up on how to use iptables then. Thanks for the help!


#8 2010-04-25 18:34:27

kokoko3k
Member
Registered: 2008-11-14
Posts: 2,390

Re: Is it possible to deny programs network access?

To respond to the specific topic question, I'm afraid you can't; someone correct me if I'm wrong.
But iptables is capable of blocking users instead, so if you launch a program via a specified user, you can block or allow it.


Help me to improve ssh-rdp !
Retroarch User? Try my koko-aio shader !
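
The per-user filtering described in post #8 corresponds to the iptables owner match. As an added example (not posted by anyone in this thread), this shell function generates an iptables-restore ruleset that drops outgoing traffic by default and accepts it only for the listed accounts; the function name and the account names and ports in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that drops outgoing traffic
# by default and accepts it only for the listed accounts (owner match).
# Each argument is USER (all traffic) or USER:PROTO:PORT[,PORT...].
egress_rules() {
    rules=''
    for spec in "$@"; do
        user=${spec%%:*}
        # Reject anything that could smuggle extra options into the ruleset.
        case "$user" in
            ''|[!A-Za-z0-9_]*|*[!A-Za-z0-9_-]*)
                echo "bad user in: $spec" >&2; return 1 ;;
        esac
        if [ "$user" = "$spec" ]; then
            rule="-A OUTPUT -m owner --uid-owner $user -j ACCEPT"
        else
            rest=${spec#*:}; proto=${rest%%:*}; ports=${rest#*:}
            case "$proto" in
                tcp|udp) ;;
                *) echo "bad protocol in: $spec" >&2; return 1 ;;
            esac
            case "$ports" in
                ''|*[!0-9,]*) echo "bad ports in: $spec" >&2; return 1 ;;
            esac
            rule="-A OUTPUT -p $proto -m owner --uid-owner $user"
            rule="$rule -m multiport --dports $ports -j ACCEPT"
        fi
        rules="$rules$rule
"
    done
    # Emit only after every spec has validated, so a bad one yields no output.
    # Loopback stays open; ESTABLISHED,RELATED lets packets flow on connections
    # that were already accepted (including replies to inbound connections).
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT DROP [0:0]' \
        '-A OUTPUT -o lo -j ACCEPT' \
        '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s' "$rules"
    echo 'COMMIT'
}

# Check the result without loading it (as root; account names are assumptions):
#   egress_rules root webuser ntp:udp:53,123 | iptables-restore --test
```

Loading this output with iptables-restore replaces the whole filter table, so merge it with any INPUT rules already in use. The owner match only applies to locally generated packets, and IPv6 needs the same rules loaded through ip6tables-restore.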

