From owner-freebsd-stable Mon Sep 11 15:01:31 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from privatecube.privatelabs.com (privatecube.privatelabs.com [198.143.31.30])
	by hub.freebsd.org (Postfix) with ESMTP id AD9FB37B43C
	for ; Mon, 11 Sep 2000 15:01:23 -0700 (PDT)
Received: from misha.privatelabs.com (root@misha.privatelabs.com [198.143.31.6])
	by privatecube.privatelabs.com (8.9.3/8.9.2) with ESMTP id RAA08581
	for ; Mon, 11 Sep 2000 17:20:17 -0400
Received: from virtual-estates.net (mi@localhost [127.0.0.1])
	by misha.privatelabs.com (8.9.3/8.9.3) with ESMTP id SAA26880
	for ; Mon, 11 Sep 2000 18:01:05 -0400 (EDT)
	(envelope-from mi@virtual-estates.net)
Message-Id: <200009112201.SAA26880@misha.privatelabs.com>
Date: Mon, 11 Sep 2000 18:01:04 -0400 (EDT)
From: mi@aldan.algebra.com
Subject: firewall rules for applications
To: freebsd-stable@freebsd.org
MIME-Version: 1.0
Content-Type: TEXT/plain; CHARSET=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I wonder how feasible it would be to implement firewall rules that would
take into consideration the program (on the local machine) sending/receiving
the packets. I know I can now base the rules on the user/group id, but I may
want to go further.

Identifying a program to the kernel may not be simple -- perhaps a regexp of
the executable's name or an md5 of the /proc/file? Or the executable's (or
script's) inode-filesystem?

I just read a description of a Windows product that attempts to fight
software, offered by sneaky vendors, that tries to contact the vendor over
the Internet to send back the user's data. The blocking software, supposedly,
blocks applications from accessing certain sites.

This is not an immediate problem for FreeBSD, but... Just a thought...

	-mi
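An added example, not part of the original message and not FreeBSD code: it pins a rule to one file using each of the three keys the post proposes (regexp on the name, md5 of the file, inode plus filesystem) and checks which keys still match after a hard link, a copy, a same-named impostor, and an upgrade. The helper names and the constructed `fetch` file are assumptions made for the illustration.

```python
import hashlib
import os
import re
import shutil
import tempfile

def keys(path):
    """Return the three candidate identities from the post for one file."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.new("md5", f.read()).hexdigest()  # md5 as named in the post
    return {"name": os.path.basename(path), "md5": digest,
            "dev_ino": (st.st_dev, st.st_ino)}

def matches(rule, path):
    """rule is (kind, value): 'name' holds a regexp, the others compare exactly."""
    kind, value = rule
    seen = keys(path)[kind]
    return bool(re.fullmatch(value, seen)) if kind == "name" else seen == value

def write(path, data):
    """Create a constructed sample file, making parent directories as needed."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)
    return path

def survey():
    """Pin rules to a constructed 'fetch' file, then test them on look-alikes."""
    with tempfile.TemporaryDirectory() as d:
        orig = write(os.path.join(d, "bin", "fetch"), b"fetch v1 (constructed)")
        rules = [(kind, re.escape(v) if kind == "name" else v)
                 for kind, v in keys(orig).items()]
        cases = {}
        # Same file reachable under a second name.
        cases["hardlink"] = os.path.join(d, "alias")
        os.link(orig, cases["hardlink"])
        # Byte-identical copy: new inode, same content.
        cases["copy"] = shutil.copy(orig, os.path.join(d, "copy"))
        # Unrelated program that merely carries the approved name.
        cases["same_name"] = write(os.path.join(d, "other", "fetch"), b"something else")
        results = {label: {r[0]: matches(r, p) for r in rules}
                   for label, p in cases.items()}
        # Upgrade by writing a new file and renaming it over the old path.
        os.replace(write(orig + ".new", b"fetch v2 (constructed)"), orig)
        results["upgraded"] = {r[0]: matches(r, orig) for r in rules}
        return results

if __name__ == "__main__":
    for label, verdict in survey().items():
        print(f"{label:10} {verdict}")
```

The name key accepts any file that carries the approved name, while the md5 and inode keys both stop matching after a legitimate upgrade, so a rule pinned to either would have to be re-registered whenever the program is updated.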