application layer firewall in linux?

taiwf · 04-11-2006, 12:19 AM

HI,

I am looking for decent application firewall package. Can anyone give me some recommendation? I currently using iptables but it only does layer3 filter. I am looking for firewall can easily block messenger (or similiar chat program).

thx

chris

Simon Bridge · 04-11-2006, 01:52 AM

you want to block by application rather than port/socket?

A simple google, or a repo check, will turn up a number of firewall tools, like firestarter and shorewall ... so distro and what you've tried would be good info here. I usd to use a commercial one: zonealarm ... at the time there was a linux varient (gratis for home use only) but, it seems, no more. However, if this is the sort of thing you want, have a look at:
http://www.linuxquestions.org/linux/...larm_for_Linux

taiwf · 04-11-2006, 01:59 AM

I thought both firestarter and shorewall are iptables based firewall which mean its only L3 packet filtering right (i presume they just add an GUI on iptables )? Zonealrm i never see before in linux port but will look up more although it appear to me more for workstation then a server (which is what i used).

Sorry that forgot to inc the distro i use. I am using debian sarge 3.1 .

Simon Bridge · 04-11-2006, 02:40 AM

firestarter also lets you view and manage active processes via a gui - xchat is one of the examples used on the site: http://www.fs-security.com/

The link I sent you should be inspected too.

Quote:

It is well-known that firewalls can be loosely categorized into proxies and packet filters. The latter "know" the application-level protocols such as telnet, HTTP or SMTP and can inspect the protocol payloads and verify the commands. This comes at a significant performance penalty since packets have to be processed higher in the network protocol stack in application layer.

... if this sounds like what you would like. See: http://www.securityfocus.com/infocus/1531

It's just that when folk want application layer controls they are usually just wanting zone-alarm/windows style firewall interface.

shame · 04-11-2006, 04:54 AM

Firestarter and Guarddog allow you to block certain protocols, which would allow you to block yahoo messenger and other chat programs.
There is one application based firewall for linux that I know of - TuxGuardian - http://tuxguardian.sourceforge.net/

Quote:

With TuxGuardian you'll be able to implement access control policies to the network resources in order to identify and control every application that tries to access the network.

I tried it many months ago and couldn't get the dependencies sorted out but I'm thinking of giving it another go.