• application firewall

    From Mirko@21:1/5 to All on Tue Dec 1 06:58:58 2020
    Hello,

    What exactly is this firewall? How to filter only a program?
    Is there some book or paper to read about it?
    And is it possible to do this with iptables in Linux?

    Thx
    --

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Carlos E.R.@21:1/5 to Mirko on Tue Dec 1 11:58:09 2020
    On 01/12/2020 06.58, Mirko wrote:
    > Hello,
    >
    > What exactly is this firewall?

    On what distribution?

    > How to filter only a program?

    In Linux, you filter ports, not programs.

    > Is there some book or paper to read about it?
    > And is it possible to do this with iptables in Linux?

    --
    Cheers, Carlos.

  • From Grant Taylor@21:1/5 to Carlos E.R. on Tue Dec 1 10:43:41 2020
    On 12/1/20 3:58 AM, Carlos E.R. wrote:
    > In Linux, you filter ports, not programs.

    IPTables can filter based on cgroup and owner. So you can get down to program(s) in a cgroup, thus effectively filtering by program.

    But this is only applicable on the host based firewall. An off-host
    firewall won't have visibility into this information.

    --
    Grant. . . .
    unix || die

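Added example, not part of any post in this thread: a sketch of the host-based, per-program filtering described in the reply above, using the iptables `owner` and `cgroup` matches. The account name `appfw`, the unit `demo.service`, the chain names and the allowed ports are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: per-program egress rules with the iptables owner and cgroup matches.
# Dry run by default (prints the commands). To apply, run as root with IPT=iptables;
# IPv6 needs the same rules again with IPT=ip6tables.
IPT="${IPT:-echo iptables}"

# Fill chain $1: allow loopback and each proto/port spec that follows
# (for example tcp/443 udp/53), then reject everything else.
fill_chain() {
    chain="$1"; shift
    $IPT -A "$chain" -o lo -j ACCEPT
    for spec in "$@"; do
        $IPT -A "$chain" -p "${spec%/*}" --dport "${spec#*/}" -j ACCEPT
    done
    $IPT -A "$chain" -j REJECT
}

# Match by socket owner. $1 = account the program runs as (hypothetical name).
# The owner match only sees locally generated packets, hence the OUTPUT hook.
owner_rules() {
    user="$1"; shift
    $IPT -N "APP_$user"
    $IPT -A OUTPUT -m owner --uid-owner "$user" -j "APP_$user"
    fill_chain "APP_$user" "$@"
}

# Match by cgroup v2 membership. $1 = chain name, $2 = cgroup path relative to
# the cgroup2 mount point (for a systemd unit: system.slice/<unit>.service).
cgroup_rules() {
    chain="$1"; path="$2"; shift 2
    $IPT -N "$chain"
    $IPT -A OUTPUT -m cgroup --path "$path" -j "$chain"
    fill_chain "$chain" "$@"
}

# Constructed sample policy: account "appfw" may reach HTTPS and DNS only;
# the "demo.service" unit may reach HTTPS only.
owner_rules appfw tcp/443 udp/53
cgroup_rules APP_DEMO system.slice/demo.service tcp/443
```

Because both matches rely on socket ownership known only to the local kernel, these rules work on the host itself and cannot be reproduced on an off-host firewall.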
  • From Mirko@21:1/5 to All on Fri Dec 4 08:21:18 2020
    Grant Taylor <gtaylor@tnetconsulting.net> wrote:
    > On 12/1/20 3:58 AM, Carlos E.R. wrote:
    >> In Linux, you filter ports, not programs.
    >
    > IPTables can filter based on cgroup and owner. So you can get down to
    > program(s) in a cgroup, thus effectively filtering by program.
    >
    > But this is only applicable on the host based firewall. An off-host
    > firewall won't have visibility into this information.

    Maybe there are different front ends than iptables to do this, but
    my question was general, not about Linux and iptables, or about
    making an app. firewall with iptables.

    But your answer makes me think about using different rules (or route,
    if there is more than one route) for different
    program/process.

    And there exists the WAF (web app. firewall) that filters the HTTP, searching for bad requests or strings.

    > --
    > Grant. . . .
    > unix || die

    --

  • From Mirko@21:1/5 to All on Fri Dec 4 08:15:10 2020
    "Carlos E.R." <robin_listas@es.invalid> wrote:
    > On 01/12/2020 06.58, Mirko wrote:
    >> Hello,
    >>
    >> What exactly is this firewall?
    >
    > On what distribution?
    >
    >> How to filter only a program?
    >
    > In Linux, you filter ports, not programs.
    >
    >> Is there some book or paper to read about it?
    >> And is it possible to do this with iptables in Linux?
    >
    > --
    > Cheers, Carlos.

    I asked in general about an application firewall.
    There are WAFs, web app. firewalls.
    Debian
    --

  • From David W. Hodgins@21:1/5 to Mirko on Fri Dec 4 05:20:20 2020
    On Fri, 04 Dec 2020 02:21:18 -0500, Mirko <mirkk@gmail.com> wrote:
    > Maybe there are different front ends than iptables to do this, but
    > my question was general, not about Linux and iptables, or about
    > making an app. firewall with iptables.

    GNU/Linux port of the Little Snitch application firewall https://github.com/evilsocket/opensnitch

    and

    https://linux-application-firewall.org/#download
    Linux Application Firewall (LAF)

    Regards, Dave Hodgins

    --
    Change dwhodgins@nomail.afraid.org to davidwhodgins@teksavvy.com for
    email replies.

  • From Carlos E.R.@21:1/5 to Mirko on Fri Dec 4 13:40:48 2020
    On 04/12/2020 08.15, Mirko wrote:
    > "Carlos E.R." <robin_listas@es.invalid> wrote:
    >> On 01/12/2020 06.58, Mirko wrote:
    >>> Hello,
    >>>
    >>> What exactly is this firewall?
    >>
    >> On what distribution?
    >>
    >>> How to filter only a program?
    >>
    >> In Linux, you filter ports, not programs.
    >>
    >>> Is there some book or paper to read about it?
    >>> And is it possible to do this with iptables in Linux?
    >
    > I asked in general about an application firewall.
    > There are WAFs, web app. firewalls.
    > Debian

    Sorry, I know nothing about an application named "firewall"; each
    distribution calls a different thing "firewall".

    Here it is "firewalld" (http://www.firewalld.org).

    Nor do I know anything about a firewall in Linux that blocks applications.


    --
    Cheers, Carlos.
