ZoneAlarm-type firewall for Linux?

Jeremy C. Reed reed at reedmedia.net
Tue May 9 17:28:16 MST 2006


> I do know that there's a program out there named "AppArmor" that may
> provide the protection you are looking for. It's designed to interact
> directly with the kernel and allows you to define what processes can do
> what...etc. You can set a default policy to disallow every process from
> network access and then allow only certain processes to access the
> network.

Another program that does that is systrace found on some BSD systems. It 
provides "Interactive Policy Generation for System Calls". The systrace 
for Linux webpage is at 
http://www.citi.umich.edu/u/provos/systrace/linux.html but doesn't seem to 
be up-to-date or maintained (on Linux).

An alternative is selinux. I don't know the best docs, but here are some 
links:
  
Red Hat Enterprise Linux 4: Red Hat SELinux Guide: 2.9. Policy Macros
http://www.linuxtopia.org/online_books/redhat_selinux_guide/rhlcommon-section-0053.html

Installing SELinux on Fedora / RedHat
http://www.crypt.gen.nz/selinux/install_fedora.html 

(selinux might already be integrated/installed on your Linux of choice.)

Also iptables can do filtering by user (UID) or process ID (PID). (See -m 
owner extension.)

You can probably find interactive tools for viewing and managing 
iptables connections by UID or process. (Search for ctview as one 
example.)

Also look at "Filter based on program" at
http://michael.toren.net/slides/ipqueue/slide017.html. A python interface 
and perl module are available for "ipqueue".

Have fun!

 Jeremy C. Reed

echo '9,J8HD,fDGG8B@?:536FC5=8 at I;C5?@H5B0D at 5GBIELD54DL>@8L?:5GDEJ8LDG1' |\
sed ss,s50EBsg | tr 0-M 'p.wBt SgiIlxmLhan:o,erDsduv/cyP'
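The iptables owner match mentioned in the post, shown as an added example (not part of the original message or of any project it names): a POSIX sh function that emits a ZoneAlarm-style outbound policy, allowing traffic only for the UIDs or user names passed as arguments and dropping everything else. It prints the iptables commands instead of executing them, so the rule set can be reviewed without root and then piped to `sh` as root to apply. One caveat on the post's wording: on current kernels the owner match supports only `--uid-owner`, `--gid-owner` and `--socket-exists`; the per-PID and per-command variants were removed from the kernel long ago, so per-user filtering is what remains. The rule order, log prefix and rate limit are this example's own choices.

```shell
#!/bin/sh
# Added example: print an iptables OUTPUT-chain policy that lets only the
# given users (numeric UIDs or names) open outbound connections.
# Nothing here touches the live firewall; pipe the output to sh as root.

owner_rules() {
    uids=
    # First pass: validate every argument before emitting anything, so a
    # typo cannot leave a half-applied rule set behind.
    for who in "$@"; do
        case $who in
            ''|*[!0-9]*)
                # Not numeric: resolve a user name, refuse anything unknown.
                uid=$(id -u "$who" 2>/dev/null) || {
                    echo "owner_rules: unknown user '$who'" >&2
                    return 1
                }
                ;;
            *) uid=$who ;;
        esac
        uids="$uids $uid"
    done

    # Second pass: emit the rules. Loopback and replies to already-accepted
    # flows come first so the per-user rules only govern new connections.
    echo "iptables -F OUTPUT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for uid in $uids; do
        echo "iptables -A OUTPUT -m owner --uid-owner $uid -j ACCEPT"
    done
    # Log what gets denied (rate limited) so blocked programs can be found
    # in the kernel log, then make DROP the chain's default policy.
    echo "iptables -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix 'OUTPUT-DENY: '"
    echo "iptables -P OUTPUT DROP"
}

# Usage: sh this_script.sh 1000 alice | sudo sh
if [ $# -gt 0 ]; then
    owner_rules "$@"
fi
```

Invalid arguments make the function fail before it prints a single rule, which is the property to check: a generator that emits `-P OUTPUT DROP` and then aborts would cut the machine off from the network.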
