I have an iptables redirecting all HTTP traffic to squid port . I want to exclude apt-get from this. I usually do this by owner match, but apt-get is owned by root like many other programs. Does anyone have a better idea? Thanks!!!
I don't know how to do the exact thing you want. In my case I just solve it the easiest way possible: I make apt go through the proxy by modifying /etc/apt/apt.conf and defining an http_proxy environment variable in the system profile.
With nufw, you can restrict one application or one user to traverse the firewall. Maybe by looking at the documentation you can turn nufw into what you want to do.
It's a rough rough idea, just wanted to point out my first impression.
Well, by iptables' owner match for example... I would have to make apt-get owned by a unique owner: --uid-owner, --gid-owner, --pid-owner, --sid-owner. I would point your attention to these last two; could they be a solution? The pid changes any time the program restarts, doesn't it? So it's useless. What about the sid? What is sid?
Ah!!! I thought your iptables was not on the machine, which is a bit more secure and where nufw shows its advantage. The client talks to a remote authentication module that drives a remote firewall (the client + 2 machines are needed then). But even with nufw, when the machine is compromised, an application can act like an authorized application. It's the current limitation of nufw.
You can always modify apt-get so that you first get its pid and add a rule at the same time. Or rename apt-get to apt-get-orig and put a script in apt-get's place which modifies iptables and then calls apt-get-orig. Seems possible?
Changing the uid of apt-get is not easy because apt-get needs to have full access to the machine.
How many applications accessing the gateway are owned by root? Not so many, are there? I'm trying to figure it out... the browser is mine, and so are all the other clients like gaim, xchat, gftp, skype. I can't think of any other application apart from apt-get owned by root... nmap, I use it on the gateway machine... any others I can't think of?
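One way to combine the wrapper suggestion with the --gid-owner option mentioned in the thread, as an added example that is not from any of the posters: a dry-run generator for the nat OUTPUT rules, plus a check that the owner-match exemptions sit before the REDIRECT. The group name `aptnet`, the squid user `proxy`, and port 3128 are assumptions, and it assumes apt's download helpers keep the group they are started with.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names, override via environment:
APT_GROUP="${APT_GROUP:-aptnet}"    # hypothetical group apt-get is started under
SQUID_USER="${SQUID_USER:-proxy}"   # assumed account squid runs as
SQUID_PORT="${SQUID_PORT:-3128}"    # assumed squid listening port

# Print the rules in the order they must be appended. iptables stops at the
# first matching rule in a chain, so the exemptions have to precede the
# REDIRECT. The owner match only sees locally generated packets, hence OUTPUT.
emit_rules() {
    # squid's own outbound requests must not loop back into squid
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner $SQUID_USER -j RETURN"
    # sockets created by processes running with the apt group go out directly
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --gid-owner $APT_GROUP -j RETURN"
    # everything else on port 80 is handed to squid
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
}

# Read a rule listing on stdin and verify the ordering.
# Exit status: 0 = exemptions precede the REDIRECT,
#              1 = a RETURN rule comes after the REDIRECT and can never match,
#              2 = no REDIRECT rule found at all.
check_order() {
    awk '
        /-j REDIRECT/        { seen = 1; next }
        /-j RETURN/ && seen  { bad = 1 }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    '
}

# Dry run by default; "apply" (as root) executes the generated rules.
if [ "${1:-}" = "apply" ]; then
    emit_rules | check_order && emit_rules | sh -e
else
    emit_rules
fi
```

With the rules loaded, the apt-get wrapper would start the renamed binary under the group, for example `sg aptnet -c 'apt-get-orig update'`, so no per-run rule change keyed on a pid is needed.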