LinuxQuestions.org
Old 07-17-2006, 01:59 PM   #1
abalint21
LQ Newbie
 
Registered: Mar 2006
Posts: 3

Rep: Reputation: 0
Question Application Specific firewall rules, Howto: someone?


Hey everybody!

Does someone know a solution for how to configure a Linux firewall with application-specific settings? I mean that if I know that the application is safe, I would want to enable it to open any kind of ports regardless of any other firewall settings.
The solution behind all this, I think, is in some magical kernel module that intercepts the interrupt when the program wants to write to a socket, verifies if this can be done and then grants permission to execute the operation.

So, I know it's a complicated feature but...
Does anyone have any ideas where I can find such a module or such an application?

Respect,
X
 
Old 07-17-2006, 02:18 PM   #2
rickh
Senior Member
 
Registered: May 2004
Location: Albuquerque, NM USA
Distribution: Debian-Lenny/Sid 32/64 Desktop: Generic AMD64-EVGA 680i Laptop: Generic Intel SIS-AC97
Posts: 4,250

Rep: Reputation: 62
Unless your needs are fairly sophisticated, you're probably making more out of this than necessary. Presumably, you want to do something like using a filesharing program, and you want specific ports for it to use.

Number one, if you have a router, you'll need to open ports in it, or disable its firewall.

Number two, install the firewall GUI application best suited to your desktop (Firestarter-Gnome, Guarddog-KDE).

Again, if you have really sophisticated needs, ignore this and try to get help from firewall experts. But I think you'll have to be considerably more specific about your question to attract interest from them.
 
Old 07-17-2006, 08:50 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Does someone know a solution for how to configure a Linux firewall with application-specific settings? I mean that if I know that the application is safe, I would want to enable it to open any kind of ports regardless of any other firewall settings.
Sounds a bit like Systrace though that's prolly more than you want...
 
Old 07-18-2006, 02:54 AM   #4
abalint21
LQ Newbie
 
Registered: Mar 2006
Posts: 3

Original Poster
Rep: Reputation: 0

Quote:
Originally Posted by rickh
Unless your needs are fairly sophisticated, you're probably making more out of this than necessary. Presumably, you want to do something like using a filesharing program, and you want specific ports for it to use.

Number one, if you have a router, you'll need to open ports in it, or disable its firewall.

Number two, install the firewall GUI application best suited to your desktop (Firestarter-Gnome, Guarddog-KDE).

Again, if you have really sophisticated needs, ignore this and try to get help from firewall experts. But I think you'll have to be considerably more specific about your question to attract interest from them.
I'm not overcomplicating myself. That's what I really want to do! I've used Windows before (approx. a year ago), and some commercial firewalls can do this... I can specify some applications as "TRUSTED"; from that moment on, that specific application would have access to all of the ports, only asking for permission for very specific high-risk port operations.

I would want this behavior on Linux... Normal (static) firewall rules aren't good for me because they apply rigid packet filtering, regardless of applications. Packet shaping firewalls are not good either because they use a lot of resources and they only recognize package types, and I can't assign a package type to specific applications.

I think that associating packages with applications can only be done at kernel level, and not in the application layer - as packet shaping does - because only at that level do you have full control of interrupts and I/O operations.

So my quest still remains to find an "application/module" that can do the job I'm asking for.
Hope that I've been more specific now.

Regards,
X
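On the question of tying sockets to applications raised in the post above: on Linux each row of /proc/net/tcp carries a socket inode, and the /proc/<pid>/fd links name the process holding that inode. The following is an added example, not code from any poster in this thread; it joins the two over constructed sample data and labels each socket against a hypothetical trusted-program list. It only reports, it does not filter traffic, and the program names, PIDs and inode numbers are made up.

```python
import re
import socket
import struct

# Constructed sample in /proc/net/tcp layout: hex IPv4 address (little-endian
# host order assumed, as on x86), hex port, state, ..., uid, timeout, inode.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 00000000:1AE1 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22222 1
   2: 0A00000A:C350 0B00000A:0050 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1
"""

# Constructed stand-in for readlink() over /proc/<pid>/fd/*: pid -> (exe, fd targets).
SAMPLE_FDS = {
    412: ("/usr/sbin/cupsd", ["socket:[11111]"]),
    2001: ("/usr/bin/p2pclient", ["/dev/null", "socket:[22222]"]),
    2050: ("/usr/bin/unknown-tool", ["socket:[33333]"]),
}

def parse_proc_net_tcp(text):
    """Yield (local_ip, local_port, uid, inode) for each socket row."""
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        ip_hex, port_hex = f[1].split(":")
        ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
        yield ip, int(port_hex, 16), int(f[7]), int(f[9])

def inode_owners(fd_table):
    """Map socket inode -> executable path using the socket:[inode] fd links."""
    owners = {}
    for exe, links in fd_table.values():
        for link in links:
            m = re.fullmatch(r"socket:\[(\d+)\]", link)
            if m:
                owners[int(m.group(1))] = exe
    return owners

def audit(text, fd_table, trusted):
    """Label each socket 'trusted' or 'review' by the program that owns it."""
    owners = inode_owners(fd_table)
    report = []
    for ip, port, uid, inode in parse_proc_net_tcp(text):
        exe = owners.get(inode, "<no owning process found>")
        report.append((exe, ip, port, "trusted" if exe in trusted else "review"))
    return report

TRUSTED = {"/usr/sbin/cupsd", "/usr/bin/p2pclient"}  # hypothetical allow-list
```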
 
Old 07-18-2006, 03:27 AM   #5
abalint21
LQ Newbie
 
Registered: Mar 2006
Posts: 3

Original Poster
Rep: Reputation: 0

Quote:
Originally Posted by unSpawn
Does someone know a solution for how to configure a Linux firewall with application-specific settings? I mean that if I know that the application is safe, I would want to enable it to open any kind of ports regardless of any other firewall settings.
Sounds a bit like Systrace though that's prolly more than you want...
I think that Systrace is the "correct" answer to my question! Thanks!
 