Date: Fri, 17 Jun 2005 20:08:47 +0100
From: Alex Zbyslaw <xfb52@dial.pipex.com>
To: John Conner <johnc2kk@yahoo.co.uk>
Cc: freebsd-questions@freebsd.org
Subject: Re: filter by program?
Message-ID: <42B31FBF.1040008@dial.pipex.com>
In-Reply-To: <MIEPLLIBMLEEABPDBIEGOEBFHHAA.fbsd_user@a1poweruser.com>
References: <MIEPLLIBMLEEABPDBIEGOEBFHHAA.fbsd_user@a1poweruser.com>
John Conner wrote:

> I was just wondering if it was possible to add program filtering into an IPF firewall? For example if traffic is allowed out on port 80 then it may only travel through this port if, for example, it is coming from firefox etc. It seems like a pretty useful feature but as of yet I have been unable to find any documentation that covers such a filtering rule.

IPF, IPFW and PF are all *packet* filters (hence the P in all of them). Packets have no idea which application they originated from or which application is going to receive them. If you aren't sure what a packet is, then you could start with man ip, tcp and udp, move on to relevant RFCs or find a book on networking. I'm sure you could get recommendations here if you asked (and who knows, if you searched the archive you might find some).

What you are asking for is *application* level filtering which is generally much harder because the protocols involved are more complicated. To achieve the specific example you mention (allow Firefox, disallow everything else) you might be able to achieve something like that by forcing all your clients to use a proxy server and using that to filter out connections you do not want. Whether anyone has written a proxy server that filters on the client type seems doubtful. That kind of info is easy to spoof (see Opera) and quite what the point would be, I cannot see.

If you don't want browsers other than Firefox running then delete them from your systems ;-)

--Alex
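To make the packet-versus-application distinction in the reply above concrete, here is an added Python example that is not part of the original mail: it models the header fields a packet-filter rule can test against the HTTP request head a filtering proxy would see for the same connection. The packet, the request bytes and the User-Agent strings are constructed sample values.

```python
"""Added example, not code from the mail: what a packet filter can see versus
what an HTTP proxy can see for the same outbound port-80 connection."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Header fields an IPF/PF-style rule can match: the 5-tuple only."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def packet_filter(pkt: Packet) -> str:
    """Rule in the spirit of 'pass out proto tcp from any to any port 80'.
    No field here records which program produced the packet."""
    return "pass" if pkt.proto == "tcp" and pkt.dport == 80 else "block"


def parse_request_head(raw: bytes) -> dict:
    """Minimal HTTP/1.x request-head parser: request line plus headers with
    lower-cased names, which is all a filtering proxy needs to decide."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        if name:
            headers[name.strip().lower()] = value.strip()
    return {"request_line": request_line, "headers": headers}


def proxy_filter(raw: bytes, required_token: str = "Firefox/") -> str:
    """Application-level rule: pass only if the client says it is Firefox.
    The decision rests on a string the client itself supplies, which is
    why the mail calls this kind of check easy to spoof."""
    ua = parse_request_head(raw)["headers"].get("user-agent", "")
    return "pass" if required_token in ua else "block"


# Constructed sample traffic: two different programs, identical 5-tuple.
PKT = Packet("tcp", "192.0.2.10", 51234, "198.51.100.7", 80)
FIREFOX_REQ = (b"GET / HTTP/1.1\r\nHost: www.example.org\r\n"
               b"User-Agent: Mozilla/5.0 (X11; FreeBSD i386) Firefox/1.0.4\r\n\r\n")
FETCH_REQ = (b"GET / HTTP/1.1\r\nHost: www.example.org\r\n"
             b"User-Agent: fetch libfetch/2.0\r\n\r\n")
```

Both requests ride on the same packet, so `packet_filter` passes both; only `proxy_filter`, working on the decoded request, can tell them apart, and only by trusting what the client wrote in its own header.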