filter by program?
Alex Zbyslaw
xfb52 at dial.pipex.com
Fri Jun 17 19:08:50 GMT 2005
John Conner wrote:
>I was just wondering if it was possible to add program
>filtering into an IPF firewall? For example if traffic
>is allowed out on port 80 then it may only travel
>through this port if, for example, it is coming from
>firefox etc. It seems like a pretty useful feature but
>as of yet I have been unable to find any documentation
>that covers such a filtering rule.
>
IPF, IPFW and PF are all *packet* filters (hence the P in all of them).
Packets have no idea which application they originated from or which
application is going to receive them. If you aren't sure what a packet
is, then you could start with man ip, tcp and udp, move on to relevant
RFCs or find a book on networking. I'm sure you could get
recommendations here if you asked (and who knows, if you searched the
archive you might find some).
What you are asking for is *application* level filtering which is
generally much harder because the protocols involved are more
complicated. To achieve the specific example you mention (allow
Firefox, disallow everything else) you might be able to achieve
something like that by forcing all your clients to use a proxy server
and using that to filter out connections you do not want. Whether
anyone has written a proxy server that filters on the client type seems
doubtful. That kind of info is easy to spoof (see Opera) and quite what
the point would be, I cannot see. If you don't want browsers other than
Firefox running then delete them from your systems ;-)
--Alex
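The proxy-based approach Alex sketches (allow Firefox, deny everything else), worked through as an added example that is not part of the original thread and not anyone's shipped proxy. A packet filter such as IPF only ever sees addresses, ports and protocol, so the decision has to move to a proxy that parses the HTTP request and looks at the User-Agent header. The code below is a minimal request parser plus a User-Agent allow-list, fed constructed requests (the User-Agent strings, the hostnames and the `FIREFOX_UA_PATTERN` regex are assumptions made up for the demonstration). The last two cases show the point Alex makes about spoofing: a non-browser client that copies Firefox's header is waved through, and a request with no User-Agent or a malformed header block is refused rather than guessed at.

```python
import re

# Constructed sample requests, as a filtering proxy would receive them from
# a client. None of these were captured from a real system.
FIREFOX_REQUEST = (
    b"GET http://www.example.com/ HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.8) "
    b"Gecko/20050610 Firefox/1.0.4\r\n"
    b"\r\n"
)
CURL_REQUEST = (
    b"GET http://www.example.com/ HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: curl/7.13.2 (i386-portbld-freebsd5.4) libcurl/7.13.2\r\n"
    b"\r\n"
)
# Same client as CURL_REQUEST, but it copied Firefox's header (curl -A ...).
SPOOFED_CURL_REQUEST = (
    b"GET http://www.example.com/ HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.8) "
    b"Gecko/20050610 Firefox/1.0.4\r\n"
    b"\r\n"
)
NO_UA_REQUEST = b"GET http://www.example.com/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
MALFORMED_REQUEST = b"GET / HTTP/1.1\r\nThisLineHasNoColon\r\n\r\n"

# Assumed policy: anything announcing itself as some Firefox version is allowed.
FIREFOX_UA_PATTERN = re.compile(r"\bFirefox/\d")


def parse_request(raw: bytes):
    """Split an HTTP/1.x request head into (method, target, version, headers).

    Header names are lower-cased. Raises ValueError on anything that is not a
    complete, well-formed request head, so the caller can fail closed.
    """
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: no end of headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    # Unpacking into exactly three parts rejects a request line with fewer fields.
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers


def proxy_decision(raw: bytes):
    """Return ("allow" | "deny", reason) for one client request.

    This is the application-level check a packet filter cannot make: it needs
    the parsed HTTP header, not the TCP/IP header.
    """
    try:
        _method, _target, _version, headers = parse_request(raw)
    except ValueError as exc:
        return "deny", f"unparseable request: {exc}"
    user_agent = headers.get("user-agent", "")
    if not user_agent:
        return "deny", "no User-Agent header"
    if FIREFOX_UA_PATTERN.search(user_agent):
        return "allow", user_agent
    return "deny", user_agent


def demonstrate():
    """Run the policy over every constructed request and return the verdicts."""
    cases = {
        "firefox": FIREFOX_REQUEST,
        "curl": CURL_REQUEST,
        "curl spoofing firefox": SPOOFED_CURL_REQUEST,
        "no user-agent": NO_UA_REQUEST,
        "malformed": MALFORMED_REQUEST,
    }
    return {name: proxy_decision(raw)[0] for name, raw in cases.items()}


if __name__ == "__main__":
    for name, verdict in demonstrate().items():
        print(f"{name:24s} -> {verdict}")
```

The "curl spoofing firefox" line prints `allow`: the proxy has no way to tell the two clients apart once the header matches, which is exactly why this kind of filtering only keeps honest programs honest. Removing the unwanted browsers from the hosts, as Alex suggests, is the only control that does not depend on the client telling the truth.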