LinuxQuestions.org
4MLinux This forum is for the discussion of 4MLinux.

Old 08-25-2021, 08:04 AM   #1
4ML220
LQ Newbie
 
Registered: Aug 2017
Posts: 16

How to block all in/out traffic? (except for Palemoon)


Could you help me please with the settings for 4MLinux 37 x64 - how can I block all in/out traffic for LAN, WLAN, Bluetooth, except for Palemoon?
Thank you.
 
Old 08-26-2021, 04:02 PM   #2
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,913

A couple of suggestions from me (not complete solutions)...

1) It is possible to construct an iptables rule to drop all traffic apart from a given group (gid) such that palemoon could still access the internet. For example, create the group "internet-group" and iptables similar to the following...
Code:
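# Default policy: drop everything in all three chains
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Allow replies to connections that were opened from this machine
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow outgoing packets only from processes running with this group id
iptables -A OUTPUT -m owner --gid-owner internet-group -j ACCEPT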
You would need to execute palemoon with the sg command (or make a desktop shortcut)...
Code:
sg internet-group palemoon
2) Not application-specific, but just block all traffic except for web-traffic. For example...
Code:
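# Default policy: drop everything in all three chains
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Allow replies to connections that were opened from this machine
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow new outgoing TCP connections to ports 80 (HTTP) and 443 (HTTPS) only
iptables -A OUTPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
3) Have a look at using OpenSnitch (application-level firewall) in addition to your kernel-based firewall....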

https://linuxsecurity.expert/tools/opensnitch/
https://itsfoss.com/opensnitch-firewall-linux/
https://www.linuxuprising.com/2018/0...plication.html

Last edited by ferrari; 08-26-2021 at 04:16 PM.
 
1 members found this post helpful.
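
The group-based rules from suggestion 1, written as an added example (not part of ferrari's post) that builds the ruleset in `iptables-restore` format, checks it, and loads it in one step for both IPv4 and IPv6. The function names are hypothetical, and the loopback rules and the IPv6 load are assumptions that go beyond what the post lists.

```shell
#!/bin/sh
# Added example. Assumptions: the group already exists
# (groupadd internet-group) and loopback is allowed for local IPC.

# build_rules GROUP: print the filter table in iptables-restore format.
build_rules() {
    group=$1
    case $group in   # reject empty names and anything but [A-Za-z0-9_-]
        ''|*[!A-Za-z0-9_-]*) echo "invalid group name" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --gid-owner $group -j ACCEPT
COMMIT
EOF
}

# check_rules: read a ruleset on stdin; succeed only if all three chains
# default to DROP, every -j target is one of ACCEPT, DROP, REJECT or LOG,
# and OUTPUT has a --gid-owner rule.
check_rules() {
    awk '
        /^:(INPUT|FORWARD|OUTPUT) / { if ($2 == "DROP") drop++ }
        /^-A / {
            for (i = 1; i < NF; i++)
                if ($i == "-j" && $(i+1) !~ /^(ACCEPT|DROP|REJECT|LOG)$/) bad++
            if ($2 == "OUTPUT" && /--gid-owner/) owner++
        }
        END { exit !(drop == 3 && bad == 0 && owner >= 1) }
    '
}

# apply_rules GROUP (root): validate, then load for IPv4 and IPv6.
# iptables alone filters only IPv4, so ip6tables-restore gets the same rules.
apply_rules() {
    rules=$(build_rules "$1") || return 1
    printf '%s\n' "$rules" | check_rules || return 1
    printf '%s\n' "$rules" | iptables-restore || return 1
    printf '%s\n' "$rules" | ip6tables-restore
}
```

Run `apply_rules internet-group` as root, then start the browser with `sg internet-group palemoon` as in the post. DNS lookups made by the browser process itself match the group rule, but a local caching resolver running under a different group would have its upstream queries dropped.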