LinuxQuestions.org
Old 08-18-2004, 12:15 AM   #46
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Original Poster
Rep: Reputation: 30

/bin/bash,

That makes sense now. Do I have to run iptables-save every time I make a change?
 
Old 08-18-2004, 12:23 AM   #47
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Original Poster
Rep: Reputation: 30
A couple of queries,

If I use my Linux PC as my firewall, is there a way to block, say for example, Internet Explorer from a Windows PC from accessing the Internet and only allow, say, Mozilla? I did ask this question some while ago but didn't get an appropriate reply.
 
Old 08-18-2004, 08:37 AM   #48
barisdemiray
Member
 
Registered: Sep 2003
Location: Ankara/Turkey
Distribution: Slackware
Posts: 155

Rep: Reputation: 30
Quote:
Originally posted by Obie
A couple of queries,

If I use my Linux PC as my firewall, is there a way to block, say for example, Internet Explorer from a Windows PC from accessing the Internet and only allow, say, Mozilla? I did ask this question some while ago but didn't get an appropriate reply.
I think you can't. Because iptables works at layers 3 and 4, and there is no application-specific traffic (even HTTP), only ports and addresses. Also you can't distinguish the traffic that comes from Mozilla or IE, because there are standards for HTTP. But you can simply remove IE from the computer ;-) Because IE is a browser(-like software) and if it will not be able to connect to web sites, then we don't need it.
 
Old 08-18-2004, 04:32 PM   #49
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Original Poster
Rep: Reputation: 30
barisdemiray,

Thanks. Is it not possible to block request headers via iptables? I suppose if it is possible, how do I go about looking for specific request headers for specific software? I'd rather not uninstall any software because it can simply be re-installed. That defeats the purpose. I'd rather just block it.
 
Old 08-18-2004, 08:30 PM   #50
/bin/bash
Senior Member
 
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802

Rep: Reputation: 47
Quote:
Originally posted by Obie
/bin/bash,

That makes sense now. Do I have to run iptables-save every time I make a change?
Yes, if you make a change and you want to keep it, you would have to run iptables-save. Of course you should make a backup of /etc/sysconfig/iptables before you do that, just to be safe.
 
Old 08-19-2004, 08:00 PM   #51
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Original Poster
Rep: Reputation: 30
/bin/bash,

Thank you.
 
Old 08-20-2004, 03:49 AM   #52
barisdemiray
Member
 
Registered: Sep 2003
Location: Ankara/Turkey
Distribution: Slackware
Posts: 155

Rep: Reputation: 30
Quote:
Originally posted by Obie
barisdemiray,

Thanks. Is it not possible to block request headers via iptables? I suppose if it is possible, how do I go about looking for specific request headers for specific software? I'd rather not uninstall any software because it can simply be re-installed. That defeats the purpose. I'd rather just block it.
Application-specific request headers are only packet payloads in the layers at which iptables works. I'm not sure whether it could be done, but there is a netfilter match extension that lets you match a string (the extension's name is also String) against the packet data. Look at the link below.

http://www.netfilter.org/documentati...-3.html#ss3.18

If you write up the results and details, like request header diffs between browsers, after your work, I would be happy. Hope this helps.
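
What a per-packet payload match of the kind discussed above sees, as an added example that is not part of the original posts: it diffs the headers of two HTTP requests and then searches each TCP payload for a byte pattern on its own, without reassembly. The requests, the User-Agent values, the pattern `MSIE` and all function names are constructed for illustration.

```python
# Added example: emulates a per-packet substring match on constructed HTTP requests.
# Requests and User-Agent values below are constructed samples, not captured traffic.

def build_request(path, user_agent):
    return (f"GET {path} HTTP/1.1\r\nHost: www.example.com\r\n"
            f"User-Agent: {user_agent}\r\nAccept: */*\r\n\r\n").encode("ascii")

IE_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
MOZILLA_UA = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616"

def parse_headers(request):
    """Return the request headers as a dict with lower-cased names."""
    head = request.split(b"\r\n\r\n", 1)[0].decode("ascii", "replace")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def header_diff(req_a, req_b):
    """Headers whose values differ between two requests: {name: (a, b)}."""
    a, b = parse_headers(req_a), parse_headers(req_b)
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

def verdicts(segments, pattern):
    """Per-packet decision: each TCP payload is searched on its own, with no reassembly."""
    return ["DROP" if pattern in seg else "ACCEPT" for seg in segments]

def split_at(payload, offset):
    """Model one request carried in two TCP segments."""
    return [payload[:offset], payload[offset:]]

if __name__ == "__main__":
    pattern = b"MSIE"
    ie = build_request("/", IE_UA)
    moz = build_request("/", MOZILLA_UA)
    print(header_diff(ie, moz))
    print("IE, one packet:      ", verdicts([ie], pattern))
    print("Mozilla, one packet: ", verdicts([moz], pattern))
    # False positive: the pattern appears in the URL, not in the User-Agent header.
    print("Mozilla, MSIE in URL:", verdicts([build_request("/search?q=MSIE", MOZILLA_UA)], pattern))
    # Miss: the pattern straddles a segment boundary, so neither payload contains it.
    cut = ie.index(pattern) + 2
    print("IE, two segments:    ", verdicts(split_at(ie, cut), pattern))
```

The last two cases show why a byte match on packet data is not the same as filtering on an HTTP header: it has no notion of where the header starts or ends, and it only ever sees one payload at a time.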
 
  

