Re: forbid internet access to an application?
- From: "lucatrv" <lucatrv@xxxxxxx>
- Date: Mon, 28 May 2007 20:13:35 GMT
That would of course be entirely trivial to evade. Just make a hard link to
the program with a different name.
It is like denying access to a building to anyone who says their name is John.
How long would that be effective?
I understand, but that would be the behaviour of a malign code. I'm not
talking of that, but only of preventing some normal application to access
the network. Since I use gentoo with kernel 2.6.20 SMP, from your answers I
have a confirmation that there's no way to do that with netfilter...
As for now, the only idea I have is if it is possible to define a selinux
policy with no access to the network, and then apply it to the application's
files. But it's only a supposition, since I actually haven't good knowledge
of selinux, and I guess it's not really easy to set it up with gentoo.
If you told us which program you wanted to restrict, then we could perhaps
give better advice.
Ok, so let's for instance consider ping.
Luca