From owner-freebsd-stable  Tue Sep 12  7:39:20 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from racine.cybercable.fr (racine.cybercable.fr [212.198.0.201])
	by hub.freebsd.org (Postfix) with SMTP id B905437B423
	for <stable@freebsd.org>; Tue, 12 Sep 2000 07:39:16 -0700 (PDT)
Received: (qmail 14932777 invoked from network); 12 Sep 2000 14:39:14 -0000
Received: from r121m50.cybercable.tm.fr (HELO qualys.com) ([195.132.121.50]) (envelope-sender <mux@qualys.com>)
          by racine.cybercable.fr (qmail-ldap-1.03) with SMTP
          for <stable@freebsd.org>; 12 Sep 2000 14:39:14 -0000
Message-ID: <39BE4099.A88429FC@qualys.com>
Date: Tue, 12 Sep 2000 16:41:30 +0200
From: Maxime Henrion <mux@qualys.com>
X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: stable@freebsd.org
Subject: Re: firewall rules for applications
References: <Pine.LNX.4.10.10009121722420.27569-100000@shark.harmonic.co.il>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

What about using MD5 keys to identify the binary ? I don't know of any
firewall that can do that.

Regards,
Maxime Henrion

Roman Shterenzon wrote:

> Perhaps it's possible to some degree using a transparent proxy and simple
> modifications to squid. (but then again, "UserAgent" could be fooled..)
>
> On Mon, 11 Sep 2000 mi@aldan.algebra.com wrote:
>
> > I wonder how feasible would it be to implement firewall rules
> > that would take into consideration the program (on the local machine)
> > sending/receiving the packets. I know, I can now base the rules on
> > the user/group id, but I may want to go further.
> >
> > Identifying a program to the kernel may not be simple -- perhaps a
> > regexp of the executable's name or an md5 of the /proc/file? Or the
> > executable's (or script's) inode-filesystem?
> >
> > I just read a description of a Windows product, that attempts to fight
> > software offered by sneaky vendors, that tries to contact the vendor
> > over the Internet to send back user's data. The blocking software,
> > supposedly, blocks applications from accessing certain sites. This is
> > not an immediate problem for FreeBSD, but...
> >
> > Just a thought...
> >
> >       -mi
> >
> >
> >



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message