filter by program?

Alex Zbyslaw xfb52 at dial.pipex.com
Fri Jun 17 19:08:50 GMT 2005


John Conner wrote:

>I was just wondering if it was possible to add program
>filtering into an IPF firewall? For example if traffic
>is allowed out on port 80 then it may only travel
>through this port if, for example, it is coming from
>firefox etc. It seems like a pretty useful feature but
>as of yet I have been unable to find any documentation
>that covers such a filtering rule. 
>
IPF, IPFW and PF are all *packet* filters (hence the P in all of them).  
Packets have no idea which application they originated from or which 
application is going to receive them.  If you aren't sure what a packet 
is, then you could start with man ip, tcp and udp, move on to relevant 
RFCs or find a book on networking.  I'm sure you could get 
recommendations here if you asked (and who knows, if you searched the 
archive you might find some).

What you are asking for is *application* level filtering which is 
generally much harder because the protocols involved are more 
complicated.  To achieve the specific example you mention (allow 
Firefox, disallow everything else) you might be able to achieve 
something like that by forcing all your clients to use a proxy server 
and using that to filter out connections you do not want.  Whether 
anyone has written a proxy server that filters on the client type seems 
doubtful.  That kind of info is easy to spoof (see Opera) and quite what 
the point would be, I cannot see.  If you don't want browsers other than 
Firefox running then delete them from your systems ;-)

--Alex
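To make Alex's point concrete, here is an added example (not from the list post, and not IPF's own code) that parses a constructed IPv4/TCP packet with Python's `struct` module and applies a filter rule of the "pass out proto tcp to port 80" kind; the function names and the sample addresses are assumptions. It shows that the only data a packet filter can act on are header fields, and no field names the originating process.

```python
import socket
import struct

IP_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
TCP_FMT = "!HHIIBBHHH"     # 20-byte TCP header without options


def build_sample_packet() -> bytes:
    """Constructed sample: a TCP SYN from 192.0.2.10:40000 to 198.51.100.5:80."""
    ip_hdr = struct.pack(IP_FMT, 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                         socket.inet_aton("192.0.2.10"),
                         socket.inet_aton("198.51.100.5"))
    tcp_hdr = struct.pack(TCP_FMT, 40000, 80, 1, 0, 0x50, 0x02, 65535, 0, 0)
    return ip_hdr + tcp_hdr


def parse_packet(pkt: bytes) -> dict:
    """Return every field a packet filter can match on.

    Note what is absent: nothing in either header identifies which
    program sent the packet or which program will receive it.
    """
    (ver_ihl, _tos, _total_len, _ident, _flags_frag, _ttl, proto, _csum,
     src, dst) = struct.unpack(IP_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes
    fields = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
              "proto": proto}
    if proto == 6:                      # TCP
        (sport, dport, _seq, _ack, _off, flags, _win, _tcsum,
         _urg) = struct.unpack(TCP_FMT, pkt[ihl:ihl + 20])
        fields.update({"sport": sport, "dport": dport,
                       "syn": bool(flags & 0x02)})
    return fields


def packet_filter_decision(fields: dict) -> str:
    """Emulate a rule like 'pass out quick proto tcp from any to any port = 80'.

    The decision is a function of header fields only; "is this Firefox?"
    cannot be asked here because the packet carries no such information.
    """
    if fields["proto"] == 6 and fields.get("dport") == 80:
        return "pass"
    return "block"


if __name__ == "__main__":
    seen = parse_packet(build_sample_packet())
    print(seen, "->", packet_filter_decision(seen))
```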
