ipf: filter by program?

John Conner johnc2kk at yahoo.co.uk
Sun Jun 19 21:10:53 GMT 2005


 --- Peder Blom <peder.blom at bredband.net> wrote: 
> On Fri, 17 Jun 2005 14:35:54 +0100 (BST)
> John Conner <johnc2kk at yahoo.co.uk> wrote:
> 
> > Hello all,
> > 
> > I was just wondering if it was possible to add program
> > filtering into an IPF firewall? For example if traffic
> > is allowed out on port 80 then it may only travel
> > through this port if, for example, it is coming from
> > firefox etc. It seems like a pretty useful feature but
> > as of yet I have been unable to find any documentation
> > that covers such a filtering rule. Any
> > feedback/suggestions would be much appreciated,
> > 
> 
> Other answers in this thread have made it clear that this is not
> possible using IPF. However, you can achieve something along these
> lines using jails.
> 
> Put Firefox in a jail and make sure that there are no other programs
> in that jail that can access port 80. Then block all outgoing access
> to port 80, except from the jail ip.
> 
> It will be a little more complicated to start Firefox, e.g. "ssh -X
> jail.ip firefox" instead of "firefox". Another effect is that Firefox
> will only have access to the jailed environment when you save data (or
> when it crashes or is a victim of the latest unpatched exploit).
> 
>  

Thanks Peder, that's a very good idea :) Think I'll get
on to that right away, cheers.

John
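
The jail approach Peder describes, written out as IPF rules. This is an added example, not part of the original posts; the interface name em0 and the jail address 192.0.2.10 are assumptions.

```conf
# Added example, not from the thread. Assumed values: em0 is the external
# interface, 192.0.2.10 is the address assigned to the Firefox jail.

# Outbound HTTP is allowed from the jail address only; keep state so the
# replies are matched without a separate inbound rule.
pass out quick on em0 proto tcp from 192.0.2.10/32 to any port = 80 flags S keep state

# Every other outbound connection to port 80 is dropped and logged, so
# ipmon shows which local sources still try to reach the web directly.
block out log quick on em0 proto tcp from any to any port = 80
```

IPF matches on the source address, not on the process, so the restriction holds only while nothing other than the jailed Firefox sends from the jail's address.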


		


More information about the freebsd-questions mailing list