Date: Sun, 19 Jun 2005 22:10:51 +0100 (BST)
From: John Conner <johnc2kk@yahoo.co.uk>
To: Peder Blom <peder.blom@bredband.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: ipf: filter by program?
Message-ID: <20050619211051.57602.qmail@web26907.mail.ukl.yahoo.com>
In-Reply-To: <20050619223845.0ae260b2.peder.blom@bredband.net>
--- Peder Blom <peder.blom@bredband.net> wrote:

> On Fri, 17 Jun 2005 14:35:54 +0100 (BST)
> John Conner <johnc2kk@yahoo.co.uk> wrote:
>
> > Hello all,
> >
> > I was just wondering if it was possible to add program
> > filtering into an IPF firewall? For example if traffic
> > is allowed out on port 80 then it may only travel
> > through this port if, for example, it is coming from
> > firefox etc. It seems like a pretty useful feature but
> > as of yet I have been unable to find any documentation
> > that covers such a filtering rule. Any
> > feedback/suggestions would be much appreciated,
>
> Other answers in this thread have made it clear that this is not possible
> using IPF. However, you can achieve something along these lines using
> jails.
>
> Put Firefox in a jail and make sure that there are no other programs in
> that jail that can access port 80. Then block all outgoing access to
> port 80, except from the jail ip.
>
> It will be a little more complicated to start Firefox, e.g. "ssh -X
> jail.ip firefox" instead of "firefox". Another effect is that Firefox
> will only have access to the jailed environment when you save data (or
> when it crashes or is a victim of the latest unpatched exploit).

Thanks Peder, that's a very good idea :) Think I'll get on to that right away, cheers.

John
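
The filtering half of the jail approach described above, written as an ipf.conf fragment. This is an added example, not part of the original messages; the interface name `em0` and the jail address `192.0.2.10` are assumed placeholders, and the commented-out rule stands in for a typical "allow port 80 out for everyone" rule that the restriction replaces.

```conf
# ipf.conf fragment (added example; em0 and 192.0.2.10 are assumed placeholders)

# Before: any program on the host may open outbound connections to port 80.
# pass out quick on em0 proto tcp from any to any port = 80 flags S keep state

# After: only connections sourced from the jail's address may go out to
# port 80. "quick" stops rule processing at the first match, so the pass
# rule must come before the block rule.
pass  out quick on em0 proto tcp from 192.0.2.10/32 to any port = 80 flags S keep state

# Everything else headed for port 80 is dropped and logged, which makes
# other programs attempting HTTP visible through ipmon.
block out log quick on em0 proto tcp from any to any port = 80
```

The ruleset can be syntax-checked without touching the running kernel using `ipf -n -f <file>`, and `ipfstat -oh` shows per-rule hit counts once it is loaded. The rules match on source address only, so they restrict traffic to "whatever runs in the jail", and a process on the host that binds explicitly to the jail's address would also match the pass rule.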