Linux - Software: This forum is for Software issues.
I'm looking for a little help on locating a suitable firewall... I've tried guarddog (stopped all traffic until I stopped it) and I've tried firestarter (worked reasonably, but crashed a lot).
What I'd really like though is a firewall that blocks all traffic except for that between the internet and programs I approve. I'm not speaking of blocking all ports, and only opening a few, I'm speaking of only allowing internet access for specific programs that I choose to allow. A GUI is rather important also....
I'm not sure if one exists, but if one does, might someone be able to tell me?
I don't know if such a kernel module exists, but would it not be possible to hook into the socket system call and refuse to create INET sockets unless the caller's PID is in an allowed list?
Originally posted by acid_kewpie: "that's not possible, the name of the end application is not present in TCP/IP packages...."
I think he's looking for something similar to a Windows-type personal firewall (like ZoneAlarm) where the firewall keeps track of the application sending the packets. I did a quick search of my site and I turned up one candidate: FieryFilter. I did see references to something called Pyrewall; however, I couldn't quickly find any code to download. I've never tried either one, so I can't speak as to how well they work.
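An added illustration of the point argued above (not code from any poster in this thread, and not how FieryFilter or ZoneAlarm works): the program name is not carried in the packet, but on the sending host the Linux socket table in /proc/net/tcp lists each socket's inode and owning UID, and that inode can be matched against the `socket:[N]` links under /proc/<pid>/fd to name the program. The table rows, PIDs, paths and the allow-list below are constructed sample data.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (little-endian host); not from a real machine.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   113        0 18021 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:B3C4 22D8B85D:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 52311 1 0000000000000000 20 4 30 10 -1
   2: 0F02000A:A1F2 0A00A8C0:0016 01 00000000:00000000 00:00000000 00000000  1000        0 52377 1 0000000000000000 20 4 30 10 -1
"""
# Constructed stand-in for /proc/<pid>/exe and the readlink() targets of /proc/<pid>/fd/*.
SAMPLE_FDS = {
    2201: ("/usr/bin/firefox", ["/dev/null", "socket:[52311]"]),
    2290: ("/usr/bin/ssh", ["socket:[52377]"]),
}
ALLOWED = {"/usr/bin/firefox"}  # hypothetical allow-list of approved programs

def decode_addr(field):
    """'0F02000A:B3C4' -> ('10.0.2.15', 46020)."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse_tcp_table(text):
    """Yield remote address, state, uid and socket inode for each table row."""
    for line in text.splitlines()[1:]:  # skip the header line
        f = line.split()
        if len(f) >= 10:
            yield {"remote": decode_addr(f[2]), "state": f[3],
                   "uid": int(f[7]), "inode": int(f[9])}

def inode_owners(fd_table):
    """Map socket inode -> (pid, exe) from 'socket:[N]' fd link targets."""
    return {int(link[8:-1]): (pid, exe)
            for pid, (exe, links) in fd_table.items()
            for link in links if link.startswith("socket:[") and link.endswith("]")}

def verdicts(tcp_text, fd_table, allowed):
    """Attribute each ESTABLISHED (state 01) connection to a program and judge it."""
    owners = inode_owners(fd_table)
    out = []
    for row in parse_tcp_table(tcp_text):
        if row["state"] == "01":
            pid, exe = owners.get(row["inode"], (None, "unknown"))
            out.append((exe, row["remote"], "allow" if exe in allowed else "deny"))
    return out

if __name__ == "__main__":
    for verdict in verdicts(SAMPLE_PROC_NET_TCP, SAMPLE_FDS, ALLOWED):
        print(verdict)
```

This only reports which program owns a connection; enforcing the verdict still needs a kernel-side mechanism such as a packet filter rule.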