Would you mind giving a couple-line example for configuring IP Table to allow only evolution and firefox to access the internet, for instance?
There might be a module that facilitates this functionality? I'm not sure though; somebody else might be able to guide you further on that particular point. However, on a related point, it's worth mentioning for newer users that you can still deploy some useful egress (outbound) filtering ideas via iptables. As an example, looking at the outbound filtering aspect for a possible workstation script:
iptables -P OUTPUT DROP
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp --dport 53 --sport 1024:65535 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m multiport --dports 80,110,443 -j ACCEPT
As you can see, in a relatively straightforward manner, you can drop all outbound connections, except for access to ports which you explicitly define. Admittedly, this isn't discriminating on a per-application basis, but it's a step in the right direction.
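An added example, not part of the original post: the same egress ruleset written as a reviewable script, with the web and mail ports further restricted by the iptables owner match (`-m owner --uid-owner`). The owner match works per user rather than per program, so this assumes firefox and evolution are started under a dedicated account; the account name `netapps`, the `EGRESS_DROP:` log prefix and the `APPLY` switch are hypothetical.

```shell
#!/bin/sh
# Added example: per-user egress filtering with the iptables "owner" match.
# Assumptions: interface eth0 and a dedicated account "netapps" (hypothetical)
# under which the browser and mail client are started.

# Print each rule instead of applying it unless APPLY=1 is set, so the
# ruleset can be reviewed before it touches the live OUTPUT chain.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

build_egress() {
    iface=$1
    owner=$2

    # Refuse empty arguments or ones with unexpected characters.
    case $iface in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1;; esac
    case $owner in ''|*[!A-Za-z0-9._-]*) echo "bad account" >&2; return 1;; esac

    # Start from an empty chain so re-running does not stack duplicate rules.
    ipt -F OUTPUT
    # Loopback and DNS lookups stay open to every local user, as in the post.
    ipt -A OUTPUT -o lo -j ACCEPT
    ipt -A OUTPUT -o "$iface" -p udp --dport 53 --sport 1024:65535 -j ACCEPT
    # Web and POP3 only for sockets created by the dedicated account.
    ipt -A OUTPUT -o "$iface" -p tcp -m multiport --dports 80,110,443 \
        -m owner --uid-owner "$owner" -j ACCEPT
    # Log whatever is about to hit the default policy, for later review.
    ipt -A OUTPUT -j LOG --log-prefix "EGRESS_DROP:"
    # Default-deny goes last so a failure above cannot leave a half-open chain.
    ipt -P OUTPUT DROP
}

build_egress "${1:-eth0}" "${2:-netapps}"
```

Run it as is to print the rules for review, then as root with `APPLY=1` to load them.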