Old 12-06-2006, 02:54 PM   #1
Registered: Oct 2005
Posts: 51

Rep: Reputation: 15
applications internet access rules

I'm about to switch completely to Suse. Windows simply doesn't do it for me anymore.
I was wondering though - and this might not be an issue under a Linux environment but is/was very important to me under Windows - is there a firewall or some kind of software under Linux that detects if an application tries to connect to the internet so that I can decide if I will or will not restrict the connection.
For instance, I had Sygate firewall under Windows and I would get a message like "windows explorer (explorer.exe) tries to connect to the internet" and could select yes or no. I didn't find a tool for this yet. (One thing I would also like to have under Mac OS X.)
I'd be very grateful for any info/links about this matter.


Last edited by Chris594; 12-06-2006 at 07:55 PM.
Old 12-06-2006, 03:52 PM   #2
Registered: Nov 2005
Location: Sweden
Distribution: Arch Linux 64bit with Gnome
Posts: 138

Rep: Reputation: 15
There is a tool called iptables that lets you do that, although you won't get a message box asking if you want to allow it or not.
But you only open ports for the applications that need it anyway, just block all other ports.
You can still surf the web as usual, it only blocks outgoing connections if you want.

Unfortunately I have never really learned to use this tool so I can't help you with that, but there are lots of how-tos on the web.

There are also GUIs for this tool. One example is firestarter.

Last edited by Synt4x_3rr0r; 12-06-2006 at 03:53 PM.
Old 12-06-2006, 04:41 PM   #3
Registered: Oct 2005
Posts: 51

Original Poster
Rep: Reputation: 15
Thanks for your input Synt4x_3rr0r.
I thought about the iptables... the problem still remains when a software wants to update itself, in many cases it will use port 80.

Last edited by Chris594; 12-06-2006 at 07:56 PM.
Old 12-07-2006, 10:06 AM   #4
Registered: Sep 2005
Location: New delhi
Distribution: RHEL 3.0/4.0
Posts: 777

Rep: Reputation: 31
Yes, you can stop some software from sending packets to the internet by assigning its binary file to some group & setting the SGID bit (2755) on it & further blocking the packets with
iptables -A OUTPUT -m owner --gid-owner groupname -j DROP
Hope this helps.
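
The setup from post #4 as a reviewable plan, plus a check that the binary will really run under the blocked group; this is an added example, not code posted in the thread. The group name `nonet` and the path in the usage comment are placeholders, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the thread.
# Usage (placeholder names): egress_block_plan /usr/bin/exampleapp nonet

# check_setgid FILE GROUP
# Returns 0 only when the kernel will start FILE with GROUP as its effective
# GID, which is what the iptables owner match keys on.
check_setgid() {
    file=$1; group=$2
    [ -f "$file" ] || { echo "not a regular file: $file"; return 1; }
    # Linux ignores setuid/setgid bits on "#!" scripts: the interpreter runs
    # with the caller's own group and the DROP rule would never match.
    if [ "$(head -c 2 "$file")" = '#!' ]; then
        echo "interpreted script, setgid has no effect: $file"; return 1
    fi
    [ "$(stat -c %G "$file")" = "$group" ] ||
        { echo "group owner is not $group: $file"; return 1; }
    [ -g "$file" ] || { echo "setgid bit not set: $file"; return 1; }
    return 0
}

# egress_block_plan FILE GROUP
# Prints (does not execute) the commands for the setup, so they can be
# reviewed before being run as root.
egress_block_plan() {
    file=$1; group=$2
    case $group in
        ''|*[!a-z0-9_-]*) echo "refusing group name: $group" >&2; return 1 ;;
    esac
    case $file in
        ''|[!/]*|*\'*) echo "need an absolute path without quotes" >&2; return 1 ;;
    esac
    printf 'groupadd -f %s\n' "$group"
    # chgrp first: changing the group can clear the setgid bit.
    printf "chgrp %s '%s'\n" "$group" "$file"
    printf "chmod 2755 '%s'\n" "$file"
    # The owner match only sees locally generated packets, so the rule
    # goes in the OUTPUT chain.
    printf 'iptables -A OUTPUT -m owner --gid-owner %s -j DROP\n' "$group"
}
```

Pipe the reviewed plan to a root shell, then run `check_setgid` again after package updates, which typically reset the binary's group and mode.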
Old 12-07-2006, 04:44 PM   #5
Registered: Oct 2005
Posts: 51

Original Poster
Rep: Reputation: 15
From what I read so far it seems that combining a hardware firewall with a tool like AppArmor would do the job. I'll miss the pop-up window of Sygate though.

