Hey all,
Here's me with another one of my questions related to Linux-from-Windows. Basically, you may or may not know, but in Windows the "Personal Firewalls" are very common; they set rules per application to deny or allow it network access. This is mostly for outbound connections. Meaning, they protect mostly from malware that "phones home" or "steals files" or whatever the name is for this kind of malware -- you know, when the app takes some of your personal information on your PC and sends it out there on the internet.
I've been searching for hours now and a lot of people say that Linux can't do this and that firewalls in Linux only help with inbound connections? That would be messed up but I read a bit on AppArmor and it *seems* to have this capability.
Note that this is very important for me as I use a lot of proprietary software under WINE, which tends to phone home and frankly I don't even trust open source software after the Heartbleed bug, so I want to be as secure as possible against applications.
So please, don't tell me how this is not needed, because it is and I have apps that constantly need to be denied access (again, per application, as I need others to connect).
Either way, for WINE at least, I can set up an AppArmor profile to deny network for all applications that run via WINE, correct?
It is simple what I request:
1) Deny network by default for every single application, or at least every single WINE-based application (wine-preloader and wineserver profiles I guess?).
2) Allow only very specific applications to have network access, outbound especially.
This simple task is something I can't manage to get working but I'm a noob with AppArmor anyway. It seems "deny network" overrides any "network" (which allows it), so it is kinda impossible for me to deny it all and then allow it only on some apps? Do I really have to make a profile for every single application and deny them all except a few ones? That would take ages! I hope there's a better way, I don't want hundreds of profiles!
If you know of a fast and easy way, please share here, and remember I'm a noob with AppArmor, so try to go slow or explain step by step how I can do this the easiest way possible. Thank you.
PS: I know AppArmor can do far more than deny network access, but I don't need the "deny file" functionality at the moment, just this.
(In Windows I used personal firewalls where the GUI just popped a dialog asking me to allow certain applications and block all others, that was it, so I'm not used to it here yet.)
EDIT: Oh, and if there's a better tool for this simple job then it is no problem, even if the title has AppArmor in it; I don't mind using something else.